Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2017-7200

Опубликовано: 21 мар. 2017
Источник: debian

Описание

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
glancefixed2:13.0.0-1package
glanceno-dsajessiepackage
glanceend-of-lifewheezypackage

Примечания

  • https://wiki.openstack.org/wiki/OSSN/OSSN-0078

  • https://bugs.launchpad.net/ossn/+bug/1606495

  • https://bugs.launchpad.net/ossn/+bug/1153614

  • The only implemented solution is to move to the v2 API (deprecated in

  • 2:13.0.0-1, using that as the fixed version)

Связанные уязвимости

ubuntu логотип

CVE-2017-7200

CVSS3: 5.8
ubuntu
почти 9 лет назад

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service.

redhat логотип

CVE-2017-7200

CVSS3: 6.5
redhat
почти 9 лет назад

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service.

nvd логотип

CVE-2017-7200

CVSS3: 5.8
nvd
почти 9 лет назад

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service.

github логотип

GHSA-j6mr-cm6x-h6jg

CVSS3: 5.8
github
больше 3 лет назад

OpenStack Glance Server-Side Request Forgery (SSRF)

Уязвимость CVE-2017-7200