PT-2017-17570 · Openstack · Openstack Glance
Luke Hinds
·
Published
2017-03-21
·
Updated
2022-05-17
·
CVE-2017-7200
CVSS v3.1
5.8
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
OpenStack Glance versions prior to Newton
Description
A Server-Side Request Forgery (SSRF) issue was discovered, allowing an attacker to perform masked network port scans through the 'copy from' feature in the Image Service API v1. This enables the creation of images with a URL such as 'http://localhost:22', which can then be used to enumerate internal network details while appearing masked, as the scan would seem to originate from the Glance Image service.
Recommendations
For versions prior to Newton, consider disabling the 'copy from' feature in the Image Service API v1 as a temporary workaround to minimize the risk of exploitation. Restrict access to the Image Service API v1 to prevent potential attackers from creating malicious images.
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openstack Glance