Skip to main content

Glance

13 CVEs product

Monthly

CVE-2026-34881 PyPI MEDIUM PATCH This Month

Server-Side Request Forgery in OpenStack Glance image import allows authenticated users to bypass URL validation via HTTP redirects and reach internal services. Affected versions include Glance prior to 29.1.1, 30.0.0 through 30.1.0, and 31.0.0. The vulnerability impacts web-download and glance-download import methods, plus the optional ovf_process plugin. An authenticated attacker can craft a redirect chain to access restricted internal endpoints, though the CVSS vector indicates no confidentiality impact and limited integrity risk (CVSS 5.0). No public exploit code or active exploitation has been confirmed at time of analysis.

SSRF Glance
NVD VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2024-32498 PyPI MEDIUM PATCH This Month

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Path Traversal Information Disclosure Cinder Glance +1
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-31546 CRITICAL POC Act Now

The nlpweb/glance repository through 2014-06-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Glance
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-24696 HIGH This Week

Mirametrix Glance before 5.1.1.42207 (released on 2018-08-30) allows a local attacker to elevate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Glance
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2018-3748 npm MEDIUM POC PATCH This Month

There is a Stored XSS vulnerability in the glance node module versions <= 3.0.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Glance
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-3715 npm MEDIUM POC PATCH This Month

glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Glance
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2015-8234 PyPI MEDIUM PATCH This Month

The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Glance
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-7200 PyPI MEDIUM PATCH This Month

An SSRF issue was discovered in OpenStack Glance before Newton. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Glance
NVD
CVSS 3.0
5.8
EPSS
0.4%
CVE-2015-5162 PyPI HIGH POC PATCH This Week

The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Cinder Glance Nova
NVD
CVSS 3.0
7.5
EPSS
3.6%
CVE-2015-5163 PyPI LOW PATCH Monitor

The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Glance
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2015-3289 MEDIUM PATCH This Month

OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated users to cause a denial of service (disk consumption) by repeatedly using the import task flow API to create images and then. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Glance
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2013-4428 LOW POC PATCH Monitor

OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

Privilege Escalation Glance Ubuntu Linux
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2013-1840 PyPI LOW PATCH Monitor

The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Glance
NVD
CVSS 2.0
3.5
EPSS
0.3%
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Server-Side Request Forgery in OpenStack Glance image import allows authenticated users to bypass URL validation via HTTP redirects and reach internal services. Affected versions include Glance prior to 29.1.1, 30.0.0 through 30.1.0, and 31.0.0. The vulnerability impacts web-download and glance-download import methods, plus the optional ovf_process plugin. An authenticated attacker can craft a redirect chain to access restricted internal endpoints, though the CVSS vector indicates no confidentiality impact and limited integrity risk (CVSS 5.0). No public exploit code or active exploitation has been confirmed at time of analysis.

SSRF Glance
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Path Traversal Information Disclosure +3
NVD
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The nlpweb/glance repository through 2014-06-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Glance
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Mirametrix Glance before 5.1.1.42207 (released on 2018-08-30) allows a local attacker to elevate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Glance
NVD
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

There is a Stored XSS vulnerability in the glance node module versions <= 3.0.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Glance
NVD
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Glance
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Glance
NVD
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

An SSRF issue was discovered in OpenStack Glance before Newton. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Glance
NVD
EPSS 4% CVSS 7.5
HIGH POC PATCH This Week

The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Cinder Glance +1
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Glance
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated users to cause a denial of service (disk consumption) by repeatedly using the import task flow API to create images and then. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Glance
NVD
EPSS 0% CVSS 3.5
LOW POC PATCH Monitor

OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

Privilege Escalation Glance Ubuntu Linux
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Glance
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy