CVE-2018-3748
https://notcve.org/view.php?id=CVE-2018-3748
There is a Stored XSS vulnerability in the glance node module versions <= 3.0.5. File name, which contains malicious HTML (eg. embedded iframe element or javascript: pseudo-protocol handler in <a> element) allows to execute JavaScript code against any user who opens a directory listing containing such crafted file name. Existe una vulnerabilidad Cross-Site Scripting (XSS) persistente en el módulo glance node en versiones 3.0.5 y anteriores. El nombre de archivo, que contiene código HTML malicioso (por ejemplo, un elemento iframe o un manipulador de pseudoprotocolos javascript: en un elemento <a rel="nofollow">) permite que se ejecute código JavaScript contra cualquier usuario que abra un listado de directorios que contenga dicho nombre de archivo manipulado.</a> • https://hackerone.com/reports/310133 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-3715
https://notcve.org/view.php?id=CVE-2018-3715
glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path. El módulo de node glance sufre de una vulnerabilidad de salto de directorio debido a la falta de validación de una ruta que se le pasa, que permite que un usuario malicioso lea contenido de cualquier archivo con una ruta conocida. • https://github.com/jarofghosts/glance/commit/8cfd88e44ebd3f07e3a2eaf376a3e758b6c4ca19 https://hackerone.com/reports/310106 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2015-8234
https://notcve.org/view.php?id=CVE-2015-8234
The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision. El algoritmo de firma de imagen en OpenStack Glance 11.0.0 permite a atacantes remotos evitar el proceso de verificación de firma a través de una imagen manipulada, lo que desencadena en una colisión MD5. • http://seclists.org/oss-sec/2015/q4/303 https://bugs.launchpad.net/glance/+bug/1516031 https://wiki.openstack.org/wiki/OSSN/OSSN-0061 • CWE-310: Cryptographic Issues •
CVE-2017-7200
https://notcve.org/view.php?id=CVE-2017-7200
An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service. Un problema SSRF ha sido descubierto en OpenStack Glance en versiones anteriores a Newton. • http://www.securityfocus.com/bid/96988 https://bugs.launchpad.net/ossn/+bug/1153614 https://bugs.launchpad.net/ossn/+bug/1606495 https://wiki.openstack.org/wiki/OSSN/OSSN-0078 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2015-5162 – openstack-nova/glance/cinder: Malicious image may exhaust resources
https://notcve.org/view.php?id=CVE-2015-5162
The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image. El analizador de imagen en OpenStack Cinder 7.0.2 y 8.0.0 hasta la versión 8.1.1; Glance en versiones anteriores a 11.0.1 y 12.0.0; y Nova en versiones anteriores a 12.0.4 y 13.0.0 no limita adecuadamente las llamadas a qemu-img, lo que podría permitir a atacantes provocar una denegación de servicio (consumo de memoria y disco) a través de una imagen de disco manipulada. A resource vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host out-of-memory errors and negatively affect other running tenant instances. • http://rhn.redhat.com/errata/RHSA-2016-2923.html http://rhn.redhat.com/errata/RHSA-2016-2991.html http://rhn.redhat.com/errata/RHSA-2017-0153.html http://rhn.redhat.com/errata/RHSA-2017-0156.html http://rhn.redhat.com/errata/RHSA-2017-0165.html http://rhn.redhat.com/errata/RHSA-2017-0282.html http://www.openwall.com/lists/oss-security/2016/10/06/8 http://www.securityfocus.com/bid/76849 https://launchpad.net/bugs/1449062 https://access.redhat.com/securit • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •