PT-2026-29197 · Openstack+2 · Openstack Glance+3
Hyeongeun_Ji
·
Publicado
2026-03-31
·
Atualizado
2026-04-22
·
CVE-2026-34881
CVSS v3.1
5.0
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
OpenStack Glance versions prior to 29.1.1
OpenStack Glance versions 30.0.0 through 30.1.1
OpenStack Glance version 31.0.0
Description
An authenticated user can bypass URL validation checks and redirect to internal services through HTTP redirects, leading to Server-Side Request Forgery (SSRF). The web-download and glance-download image import methods, as well as the ovf process image import plugin (when enabled), are affected.
Recommendations
Update to a version of OpenStack Glance greater than or equal to 29.1.1.
Update to a version of OpenStack Glance greater than or equal to 30.1.1.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
SSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Linuxmint
Openstack Glance
Ubuntu
Ovf Process