CVE-2017-7200

EPSS 0.38%
Published 21.03.2017 06:59:00
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
Teams watchlist Login
Open Login

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Openstack ≫ Glance Version <= mitaka

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.38%	0.583

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.8	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

http://www.securityfocus.com/bid/96988

Third Party Advisory

VDB Entry

https://bugs.launchpad.net/ossn/+bug/1153614

Third Party Advisory

https://bugs.launchpad.net/ossn/+bug/1606495

Third Party Advisory

https://wiki.openstack.org/wiki/OSSN/OSSN-0078

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-7200

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-7200

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-7200

EUVD