OpenStack Glance

By the Year

In 2024 there have been 0 vulnerabilities in OpenStack Glance. Last year Glance had 2 security vulnerabilities published. Right now, Glance is on track to have fewer security vulnerabilities in 2024 than it did last year.

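| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2024 | 0 | 0.00 |
| 2023 | 2 | 4.25 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 6.50 |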

It may take a day or so for new Glance vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent OpenStack Glance Security Vulnerabilities

A flaw was found in openstack-glance

CVE-2022-4134 2.8 - Low - March 06, 2023

A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images.

Inclusion of Functionality from Untrusted Control Sphere

An issue was discovered in OpenStack Cinder before 19.1.2

CVE-2022-47951 5.7 - Medium - January 26, 2023

An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.

Directory traversal

A vulnerability was found in OpenStack Glance

CVE-2016-8611 6.5 - Medium - July 31, 2018

A vulnerability was found in OpenStack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation.

Resource Exhaustion

The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might

CVE-2015-5162 7.5 - High - October 07, 2016

The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image.

Resource Management Errors

The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API

CVE-2015-5163 - August 19, 2015

The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image.

Information Disclosure
