CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31546
https://notcve.org/view.php?id=CVE-2022-31546
11 Jul 2022 — The nlpweb/glance repository through 2014-06-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. El repositorio nlpweb/glance versiones hasta 27-06-2014 en GitHub, permite un salto de ruta absoluto porque la función send_file de Flask es usada de forma no segura • https://github.com/github/securitylab/issues/669#issuecomment-1117265726 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7200
https://notcve.org/view.php?id=CVE-2017-7200
21 Mar 2017 — An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service. Un problema SSRF ha sido descubierto en OpenStack Glance en versiones anteriores a Newt... • http://www.securityfocus.com/bid/96988 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3289
https://notcve.org/view.php?id=CVE-2015-3289
14 Aug 2015 — OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated users to cause a denial of service (disk consumption) by repeatedly using the import task flow API to create images and then deleting them. Vulnerabilidad en OpenStack Glance en versiones anteriores a 2015.1.1 (kilo), permite a usuarios remotos autenticados causar una denegación de servicio (consumo de disco) utilizando reiteradamente la API de importación de flujo de tareas para crear imágenes y borrarlas después. • http://lists.openstack.org/pipermail/openstack-announce/2015-July/000481.html • CWE-399: Resource Management Errors •
CVSS: 6.3EPSS: 0%CPEs: 7EXPL: 2CVE-2013-4428 – Glance: image_download policy not enforced for cached images
https://notcve.org/view.php?id=CVE-2013-4428
23 Oct 2013 — OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID. OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly con versiones anteriores a 2013.1.4, y Havana con versiones anteriores a 2013.2, cuando se configura la política image_download, no re... • http://rhn.redhat.com/errata/RHSA-2013-1525.html • CWE-264: Permissions, Privileges, and Access Controls •