Glance Project Glance vulnerabilities
29 known vulnerabilities affecting glance_project/glance.
Total CVEs: 29
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 22, LOW 3
Vulnerabilities
Page 2 of 2
CVE-2015-1881 | P4 | MEDIUM | CVSS 4.0 | ≥ 0, < 11.0.0a0 | 2022-05-17
CVE-2015-1881 [MEDIUM] CWE-770 OpenStack Glance Denial of service by creating a large number of images
OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them, a different vulnerability than CVE-2014-9
ghsa, osv
CVE-2014-5356 | P4 | MEDIUM | CVSS 4.0 | ≥ 0, < 11.0.0a0 | 2022-05-17
CVE-2014-5356 [MEDIUM] OpenStack Glance improper validation of the image_size_cap configuration option
OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a lar
ghsa, osv
CVE-2014-9684 | P4 | MEDIUM | CVSS 4.0 | ≥ 0, < 11.0.0a0 | 2022-05-17
CVE-2014-9684 [MEDIUM] CWE-770 OpenStack Glance Denial of service by creating a large number of images
OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vul
ghsa, osv
CVE-2013-0212 | P4 | MEDIUM | CVSS 4.0 | ≥ 2012.1, < 2012.2.3 | 2022-05-05
CVE-2013-0212 [MEDIUM] CWE-200 OpenStack Glance logs user name and password in cleartext
store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, which allows remote authenticated users to obtain sensitive information by reading the error messages.
ghsa, osv
CVE-2014-9623 | P4 | MEDIUM | CVSS 4.0 | ≥ 0, < 11.0.0a0 | 2022-05-17
CVE-2014-9623 [MEDIUM] OpenStack Glance Bypass the storage quota and Denial of service
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.
ghsa, osv
CVE-2015-3289 | P4 | MEDIUM | CVSS 4.0 | ≥ 0, < 2015.1.0-4 | 2015-08-14
CVE-2015-3289 [MEDIUM] CVE-2015-3289: OpenStack Glance before 2015
OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated users to cause a denial of service (disk consumption) by repeatedly using the import task flow API to create images and then deleting them.
osv
CVE-2013-1840 | P4 | LOW | CVSS 3.5 | ≥ 0, < 11.0.0a0 | 2022-05-17
CVE-2013-1840 [LOW] CWE-200 OpenStack Glance is vulnerable to Exposure of Sensitive Information
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.
ghsa, osv
CVE-2022-4134 | P4 | LOW | ≥ 0, ≤ 25.1.0 | 2023-03-07
CVE-2022-4134 [LOW] CWE-829 OpenStack Glance Inclusion of Functionality from Untrusted Control Sphere vulnerability
A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images.
ghsa, osv
CVE-2014-1948 | P4 | MEDIUM | CVSS 2.6 | ≥ 0, < 11.0.0a0 | 2022-05-17
CVE-2014-1948 [MEDIUM] CWE-532 OpenStack Glance sensitive information disclosure via logs
OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.
ghsa, osv