SSRF Vulnerability in OpenStack Glance Image Service
CVE-2017-7200

5.8MEDIUM

Key Information:

Vendor
Openstack
Status
Glance
Vendor
CVE Published:
21 March 2017

Summary

An SSRF vulnerability in the OpenStack Glance Image Service prior to the Newton release allows attackers to exploit the 'copy_from' feature in the v1 API. By crafting a request such as 'http://localhost:22', attackers can simulate network port scans that obscure their identity, making it appear as if these scans originate from the Glance service itself. This could potentially expose sensitive internal network details to malicious actors.

References

http://www.securityfocus.com/bid/96988
vdb-entryx_refsource_BID
https://bugs.launchpad.net/ossn/+bug/1153614
x_refsource_CONFIRM
https://wiki.openstack.org/wiki/OSSN/OSSN-0078
x_refsource_CONFIRM

CVSS V3.1

Score:
5.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.