CVE-2017-7200

Name of the Vulnerable Software and Affected Versions OpenStack Glance versions prior to Newton

Description A Server-Side Request Forgery (SSRF) issue was discovered, allowing an attacker to perform masked network port scans through the 'copy from' feature in the Image Service API v1. This enables the creation of images with a URL such as 'http://localhost:22', which can then be used to enumerate internal network details while appearing masked, as the scan would seem to originate from the Glance Image service.

Recommendations For versions prior to Newton, consider disabling the 'copy from' feature in the Image Service API v1 as a temporary workaround to minimize the risk of exploitation. Restrict access to the Image Service API v1 to prevent potential attackers from creating malicious images.