Description
An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4Attack Vector: Network
Complexity: Low
Privileges: None
User Interaction: None
Scope: Changed
Confidentiality: Low
Integrity: None
Availability: None
Affected Packages3 packages
🔴Vulnerability Details
4GHSAOpenStack Glance Server-Side Request Forgery (SSRF)↗2022-05-17 OSVOpenStack Glance Server-Side Request Forgery (SSRF)↗2022-05-17 CVEListCVE-2017-7200: An SSRF issue was discovered in OpenStack Glance before Newton↗2017-03-21 OSVCVE-2017-7200: An SSRF issue was discovered in OpenStack Glance before Newton↗2017-03-21 💥Exploits & PoCs
1Exploit-DBEBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow↗2020-01-08 📋Vendor Advisories
2Red Hatopenstack-glance: API v1 copy_from reveals network details↗2017-03-15 DebianCVE-2017-7200: glance - An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' ...↗2017 💬Community
1BugzillaCVE-2017-7200 openstack-glance: API v1 copy_from reveals network details↗2017-03-21