USN-8199-1
- Source
- https://ubuntu.com/security/notices/USN-8199-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8199-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/USN-8199-1
- Upstream
- Related
- Published
- 2026-04-22T18:04:46Z
- Modified
- 2026-04-27T20:14:09.465625458Z
- Summary
- glance vulnerabilities
- Details
-
Martin Kaesberger discovered that OpenStack Glance's image processing could return the contents of arbitrary files. An attacker could possibly use this issue to exfiltrate sensitive data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-32498)
Hyeongeun Ji and Abhishek Kekane discovered several server-side request forgery vulnerabilities in OpenStack Glance's image import. An attacker could possibly use this issue to bypass URL validation checks and redirect to internal services. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2026-34881)
- References
Affected packages
Ubuntu:Pro:16.04:LTS / glance
Package
- Name
- glance
- Purl
- pkg:deb/ubuntu/glance@2:12.0.0-0ubuntu2+esm1?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2:12.0.0-0ubuntu2+esm1
Affected versions
2:11.*
2:11.0.0-0ubuntu1
2:12.*
2:12.0.0~b1-0ubuntu1
2:12.0.0~b2-0ubuntu1
2:12.0.0~b3-0ubuntu1
2:12.0.0~rc1-0ubuntu1
2:12.0.0-0ubuntu1
2:12.0.0-0ubuntu2
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "2:12.0.0-0ubuntu2+esm1",
"binary_name": "glance"
},
{
"binary_version": "2:12.0.0-0ubuntu2+esm1",
"binary_name": "glance-api"
},
{
"binary_version": "2:12.0.0-0ubuntu2+esm1",
"binary_name": "glance-common"
},
{
"binary_version": "2:12.0.0-0ubuntu2+esm1",
"binary_name": "glance-glare"
},
{
"binary_version": "2:12.0.0-0ubuntu2+esm1",
"binary_name": "glance-registry"
},
{
"binary_version": "2:12.0.0-0ubuntu2+esm1",
"binary_name": "python-glance"
}
]
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8199-1.json"
cves_map
{
"cves": [
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2024-32498"
}
],
"ecosystem": "Ubuntu:Pro:16.04:LTS"
}
Ubuntu:Pro:18.04:LTS / glance
Package
- Name
- glance
- Purl
- pkg:deb/ubuntu/glance@2:16.0.1-0ubuntu1.1+esm2?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2:16.0.1-0ubuntu1.1+esm2
Affected versions
2:15.*
2:15.0.0-0ubuntu1
2:16.*
2:16.0.0~b2-0ubuntu2
2:16.0.0~rc1-0ubuntu1
2:16.0.0~rc2-0ubuntu1
2:16.0.0~rc3-0ubuntu1
2:16.0.0-0ubuntu1
2:16.0.1-0ubuntu1.1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "2:16.0.1-0ubuntu1.1+esm2",
"binary_name": "glance"
},
{
"binary_version": "2:16.0.1-0ubuntu1.1+esm2",
"binary_name": "glance-api"
},
{
"binary_version": "2:16.0.1-0ubuntu1.1+esm2",
"binary_name": "glance-common"
},
{
"binary_version": "2:16.0.1-0ubuntu1.1+esm2",
"binary_name": "glance-registry"
},
{
"binary_version": "2:16.0.1-0ubuntu1.1+esm2",
"binary_name": "python-glance"
}
]
}
Database specific
cves_map
{
"cves": [
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2024-32498"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-34881"
}
],
"ecosystem": "Ubuntu:Pro:18.04:LTS"
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8199-1.json"
Ubuntu:Pro:20.04:LTS / glance
Package
- Name
- glance
- Purl
- pkg:deb/ubuntu/glance@2:20.2.0-0ubuntu1.2+esm2?arch=source&distro=esm-infra/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2:20.2.0-0ubuntu1.2+esm2
Affected versions
2:19.*
2:19.0.0-0ubuntu1
2:20.*
2:20.0.0~b1~git2019121610.0c6dd98d-0ubuntu1
2:20.0.0~b2~git2020020509.8649fdc2-0ubuntu1
2:20.0.0~b3~git2020032414.30ece7aa-0ubuntu2
2:20.0.0~b3~git2020041012.d5a0ce18-0ubuntu1
2:20.0.0-0ubuntu0.20.04.1
2:20.0.1-0ubuntu1
2:20.1.0-0ubuntu1
2:20.2.0-0ubuntu1
2:20.2.0-0ubuntu1.1
2:20.2.0-0ubuntu1.2
Ecosystem specific
{
"binaries": [
{
"binary_version": "2:20.2.0-0ubuntu1.2+esm2",
"binary_name": "glance"
},
{
"binary_version": "2:20.2.0-0ubuntu1.2+esm2",
"binary_name": "glance-api"
},
{
"binary_version": "2:20.2.0-0ubuntu1.2+esm2",
"binary_name": "glance-common"
},
{
"binary_version": "2:20.2.0-0ubuntu1.2+esm2",
"binary_name": "python3-glance"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}
Database specific
cves_map
{
"cves": [
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-34881"
}
],
"ecosystem": "Ubuntu:Pro:20.04:LTS"
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8199-1.json"