Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS01Z3A1LXZ4ajYtNDI1N84AAx9T
OpenStack Glance Inclusion of Functionality from Untrusted Control Sphere vulnerability
A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images.
Permalink: https://github.com/advisories/GHSA-5gp5-vxj6-4257JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01Z3A1LXZ4ajYtNDI1N84AAx9T
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: about 1 year ago
Updated: about 1 year ago
CVSS Score: 2.8
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Identifiers: GHSA-5gp5-vxj6-4257, CVE-2022-4134
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-4134
- https://bugs.launchpad.net/glance/+bug/1990157
- https://bugzilla.redhat.com/show_bug.cgi?id=2147462
- https://wiki.openstack.org/wiki/OSSN/OSSN-0090
- https://nvd.nist.gov/vuln/detail/CVE-2016-0757
- https://github.com/advisories/GHSA-5gp5-vxj6-4257
Affected Packages
pypi:glance
Dependent packages: 0Dependent repositories: 13
Downloads: 4,341 last month
Affected Version Ranges: <= 25.1.0
No known fixed version
All affected versions: 15.0.2, 17.0.1, 18.0.0, 18.0.1, 19.0.0, 19.0.1, 19.0.2, 19.0.3, 19.0.4, 20.0.0, 20.0.1, 20.1.0, 20.2.0, 21.0.0, 21.1.0, 22.0.0, 22.1.0, 22.1.1, 23.0.0, 23.1.0, 24.0.0, 24.1.0, 24.2.0, 24.2.1, 25.0.0, 25.1.0