threat
engine
.sh
Back
·
··:··
Home
/
Product
/
openstack glance
Product
openstack glance
18 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-34881
< 29.1.1
OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery (SSRF). By use of HTTP r
5.0
MEDIUM
CVE-2024-32498
< 26.0.1
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access ca
6.5
MEDIUM
CVE-2024-1141
< 4.7.0
A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when
5.5
MEDIUM
CVE-2022-4134
all versions
A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising
2.8
LOW
CVE-2022-25937
< 3.0.9
Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the publ
6.5
MEDIUM
CVE-2022-47951
< 23.0.1
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.
5.7
MEDIUM
CVE-2022-31546
<= 2014-06-27
The nlpweb/glance repository through 2014-06-27 on GitHub allows absolute path traversal because the Flask send_file function is u
9.3
CRITICAL
CVE-2022-24696
< 5.1.1.42207
Mirametrix Glance before 5.1.1.42207 (released on 2018-08-30) allows a local attacker to elevate privileges. NOTE: this is unrelat
7.8
HIGH
CVE-2016-8611
all versions
A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2
/images
4.3
MEDIUM
CVE-2018-3748
all versions
There is a Stored XSS vulnerability in the glance node module versions <= 3.0.5. File name, which contains malicious HTML (eg. emb
6.1
MEDIUM
CVE-2018-3715
< 3.0.4
glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which
6.5
MEDIUM
CVE-2015-8234
all versions
The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via
5.5
MEDIUM
CVE-2017-7200
<= mitaka
An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an att
5.8
MEDIUM
CVE-2015-5162
<= 11.0.0
The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13
7.5
HIGH
CVE-2015-5163
all versions
The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote a
CVE-2015-3289
<= 2015.1.0
OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated users to cause a denial of service (disk consumption) by repea
CVE-2013-4428
>= 2012.2 and <= 2012.2.4
OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the downloa
CVE-2013-1840
all versions
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, repor
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin