UBUNTU-CVE-2017-7200
- Source
- https://ubuntu.com/security/CVE-2017-7200
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-7200.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2017-7200
- Upstream
- Published
- 2017-03-21T06:59:00Z
- Modified
- 2025-09-08T16:44:10Z
- Severity
-
- 5.8 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS Calculator
- Ubuntu - low
- Summary
- [none]
- Details
-
An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service.
- References
Affected packages
Ubuntu:Pro:16.04:LTS / glance
Package
- Name
- glance
- Purl
- pkg:deb/ubuntu/glance@2:12.0.0-0ubuntu2?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2:11.*
2:11.0.0-0ubuntu1
2:12.*
2:12.0.0~b1-0ubuntu1
2:12.0.0~b2-0ubuntu1
2:12.0.0~b3-0ubuntu1
2:12.0.0~rc1-0ubuntu1
2:12.0.0-0ubuntu1
2:12.0.0-0ubuntu2
Ecosystem specific
{
"binaries": [
{
"binary_name": "glance",
"binary_version": "2:12.0.0-0ubuntu2"
},
{
"binary_name": "glance-api",
"binary_version": "2:12.0.0-0ubuntu2"
},
{
"binary_name": "glance-common",
"binary_version": "2:12.0.0-0ubuntu2"
},
{
"binary_name": "glance-glare",
"binary_version": "2:12.0.0-0ubuntu2"
},
{
"binary_name": "glance-registry",
"binary_version": "2:12.0.0-0ubuntu2"
},
{
"binary_name": "python-glance",
"binary_version": "2:12.0.0-0ubuntu2"
}
]
}