CVE-2017-7200
published 2017-03-21CVE-2017-7200: An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked…
medium5.8CVSS 3.0
AVNACLPRNUINSCCLINAN
An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | glance | < glance 2:13.0.0-1 (bookworm) | glance 2:13.0.0-1 (bookworm) |
| glance_project | glance | >= 0 < 2:13.0.0-1 | 2:13.0.0-1 |
| glance_project | glance | >= 0 < 2:13.0.0-1 | 2:13.0.0-1 |
| glance_project | glance | >= 0 < 2:13.0.0-1 | 2:13.0.0-1 |
| glance_project | glance | >= 0 < 2:13.0.0-1 | 2:13.0.0-1 |
| glance_project | glance | >= 0 < 11.0.0a0 | 11.0.0a0 |
| openstack | glance | <= mitaka | — |
CVSS provenance
nvdv3.05.8MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
osv5.8MEDIUM