An SSRF issue exists in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an malicious user to perform masked network port scans. With v1, it is possible to create images with a URL such as 'localhost:22'. This could then allow an malicious user to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openstack glance |