Security Advisory

CVE-2017-7200

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-03-21 06:21:00

Last updated 2024-08-05 15:56:36

Assigner mitre

State PUBLISHED

Description

An SSRF issue was discovered in OpenStack Glance before Newton. The copy_from feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as http://localhost:22. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service.

← Browse all CVEs View on cve.org ↗