cvedb.io
CVE-2017-7200
MEDIUM · CVSS 5.8
EPSS exploitation probability: 0%
Published 2017-03-21T06:59:00.227 · Last modified 2026-06-17T01:23:50.830

Summary

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service.

Affected products

openstack — glance

Does this affect you?

Add your gear to cvedb and we'll alert you only when openstack ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.