GHSA-wmhw-fvg9-87fc
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wmhw-fvg9-87fc
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wmhw-fvg9-87fc/GHSA-wmhw-fvg9-87fc.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-wmhw-fvg9-87fc
- Aliases
- Published
- 2022-05-17T02:52:21Z
- Modified
- 2024-11-25T22:42:41.144044Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- OpenStack Glance Signature Verification Bypass
- Details
-
The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision.
- Database specific
{ "github_reviewed_at": "2023-08-03T22:14:42Z", "severity": "MODERATE", "nvd_published_at": "2017-03-29T14:59:00Z", "cwe_ids": [ "CWE-328" ], "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2015-8234
- https://bugs.launchpad.net/glance/+bug/1516031
- https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2017-143.yaml
- https://seclists.org/oss-sec/2015/q4/303
- https://wiki.openstack.org/wiki/OSSN/OSSN-0061
- http://seclists.org/oss-sec/2015/q4/303
Affected packages
PyPI / glance
Package
- Name
- glance
- View open source insights on deps.dev
- Purl
- pkg:pypi/glance