Workflow

PyPi: Glance

CVE-2022-4134

Safety vulnerability ID: 53569

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Mar 06, 2023 Updated at Nov 29, 2024
Scan your Python projects for vulnerabilities →

Advisory

A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images.
https://wiki.openstack.org/wiki/OSSN/OSSN-0090

Affected package

glance

Latest version: 29.0.0

OpenStack Image Service

Affected versions

Fixed versions

Vulnerability changelog

A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images. See CVE-2022-4134.


MISC:https://bugs.launchpad.net/glance/+bug/1990157: https://bugs.launchpad.net/glance/+bug/1990157
MISC:https://bugzilla.redhat.com/show_bug.cgi?id=2147462: https://bugzilla.redhat.com/show_bug.cgi?id=2147462
MISC:https://wiki.openstack.org/wiki/OSSN/OSSN-0090: https://wiki.openstack.org/wiki/OSSN/OSSN-0090

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

LOW 2.8

CVSS v3 Details

LOW 2.8
Attack Vector (AV)
LOCAL
Attack Complexity (AC)
LOW
Privileges Required (PR)
LOW
User Interaction (UI)
REQUIRED
Scope (S)
UNCHANGED
Confidentiality Impact (C)
NONE
Integrity Impact (I)
LOW
Availability Availability (A)
NONE