CVE-2022-4134

CWE-829 | 6 documents | 5 sources
Severity
2.8 LOW
EPSS
0.2%
top 59.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 6
Latest update: Mar 7

Description

A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Exploitability: 1.3 | Impact: 1.4

Affected Packages (3 packages)

PyPI | glance | 25.1.0
CVEListV5 | openstack | As shipped with Red Hat Openstack 13, 16.1, 16.2, and 17.
NVD | redhat/openstack | 4 versions +3

Vulnerability Details (4)

GHSA: OpenStack Glance Inclusion of Functionality from Untrusted Control Sphere vulnerability (2023-03-07)
OSV: OpenStack Glance Inclusion of Functionality from Untrusted Control Sphere vulnerability (2023-03-07)
CVEList: CVE-2022-4134: A flaw was found in openstack-glance (2023-03-06)
OSV: CVE-2022-4134: A flaw was found in openstack-glance (2023-03-06)

Vendor Advisories (1)

Red Hat: openstack: glance & ceph conflict which allows image tampering (2022-10-14)