PT-2023-9099 · Openstack · Glance

Liran Tal · Published 2023-02-13 · Updated 2025-03-21 · CVE-2022-25937

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

glance versions prior to 3.0.9

Description

A directory traversal vulnerability in the HTTP server of glance allows an attacker to bypass access restrictions and gain unauthorized access to protected information. It enables users to read files outside the public root directory.

Recommendations

For versions prior to 3.0.9, update to version 3.0.9 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2024-03603
CVE-2022-25937
GHSA-3HJH-5HGX-F5WH

Affected Products

Glance