Openstack Glance
8 CVEs affecting Openstack Glance. Latest disclosed: 2026-03-31. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2015-5162 | High | 7.5 | 2016-10-07 | The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit… |
CVE-2017-7200 | Medium | 5.8 | 2017-03-21 | An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked netwo… |
CVE-2015-8234 | Medium | 5.5 | 2017-03-29 | The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which trigge… |
CVE-2026-34881 | Medium | 5.0 | 2026-03-31 | OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery (SSRF). By use of HTTP redirects, an authenticated us… |
CVE-2015-5163 | | 2015-08-19 | The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read ar… | |
CVE-2015-3289 | | 2015-08-14 | OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated users to cause a denial of service (disk consumption) by repeatedly using the import task f… | |
CVE-2013-4428 | | 2013-10-27 | OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured… | |
CVE-2013-1840 | | 2013-03-22 | The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which… |