SSRF Vulnerability in OpenStack Glance Image Service
CVE-2017-7200

5.8 MEDIUM

Key Information:

Vendor: OpenStack
Status: Vendor
CVE Published: 21 March 2017

Summary

A server-side request forgery (SSRF) vulnerability in the OpenStack Glance Image Service prior to the Newton release allows attackers to abuse the 'copy_from' feature in the v1 API. By supplying a 'copy_from' URL such as 'http://localhost:22', attackers can carry out network port scans while obscuring their identity, because the scans appear to originate from the Glance service itself. This could expose sensitive internal network details to malicious actors.

CVSS V3.1

Score: 5.8
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
