Search CVE reports
1 – 10 of 30 results
CVE-2024-32498
Medium prioritySome fixes available 15 of 21
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references...
3 affected packages
cinder, glance, nova
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cinder | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
glance | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
nova | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
CVE-2024-1141
Medium prioritySome fixes available 5 of 7
A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled.
1 affected package
python-glance-store
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-glance-store | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
CVE-2023-2088
Medium prioritySome fixes available 10 of 30
A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their...
5 affected packages
cinder, ironic, nova, python-glance-store, python-os-brick
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cinder | — | Fixed | Ignored | Ignored | Ignored |
ironic | — | Fixed | Ignored | Ignored | Ignored |
nova | — | Fixed | Ignored | Ignored | Ignored |
python-glance-store | — | Fixed | Ignored | Ignored | Ignored |
python-os-brick | — | Fixed | Ignored | Ignored | Ignored |
CVE-2022-4134
Medium priorityA flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images.
1 affected package
glance
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
glance | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2022-47951
Medium prioritySome fixes available 23 of 25
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially...
3 affected packages
cinder, glance, nova
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cinder | Fixed | Fixed | Fixed | Fixed | Vulnerable |
glance | Fixed | Fixed | Fixed | Not affected | Not affected |
nova | Fixed | Fixed | Fixed | Fixed | Vulnerable |
CVE-2021-23418
Medium prioritySome fixes available 3 of 5
The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.
1 affected package
glances
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
glances | Not affected | Not affected | Fixed | Fixed | Fixed |
CVE-2016-8611
Low priorityA vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through...
1 affected package
glance
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
glance | — | — | — | — | Ignored |
CVE-2016-4383
Medium priorityThe glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change.
1 affected package
glance
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
glance | — | — | — | — | Ignored |
CVE-2015-8234
Low priorityThe image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision.
1 affected package
glance
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
glance | — | — | — | — | Not affected |
CVE-2017-7200
Low priorityAn SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such...
1 affected package
glance
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
glance | — | — | — | — | Ignored |