GHSA-5gp5-vxj6-4257

Suggest an improvement
Source
https://github.com/advisories/GHSA-5gp5-vxj6-4257
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-5gp5-vxj6-4257/GHSA-5gp5-vxj6-4257.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-5gp5-vxj6-4257
Aliases
Published
2023-03-07T00:30:24Z
Modified
2025-03-06T22:05:42.401820Z
Severity
  • 2.8 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N CVSS Calculator
Summary
OpenStack Glance Inclusion of Functionality from Untrusted Control Sphere vulnerability
Details

A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images.

Database specific 
{
    "cwe_ids": [
        "CWE-829"
    ],
    "github_reviewed": true,
    "nvd_published_at": "2023-03-06T23:15:00Z",
    "severity": "LOW",
    "github_reviewed_at": "2023-03-08T00:16:31Z"
}
References

Affected packages

PyPI / glance

Package

Name
glance
View open source insights on deps.dev
Purl
pkg:pypi/glance

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
25.1.0

Affected versions

15.*
15.0.2
17.*
17.0.1
18.*
18.0.0.0b1
18.0.0.0rc1
18.0.0
18.0.1
19.*
19.0.0.0b1
19.0.0.0rc1
19.0.0.0rc2
19.0.0
19.0.1
19.0.2
19.0.3
19.0.4
20.*
20.0.0.0b1
20.0.0.0b2
20.0.0.0b3
20.0.0.0rc1
20.0.0.0rc2
20.0.0
20.0.1
20.1.0
20.2.0
21.*
21.0.0.0b1
21.0.0.0b2
21.0.0.0rc1
21.0.0.0rc2
21.0.0
21.1.0
22.*
22.0.0.0b2
22.0.0.0b3
22.0.0.0rc1
22.0.0
22.1.0
22.1.1
23.*
23.0.0.0b2
23.0.0.0b3
23.0.0.0rc1
23.0.0.0rc2
23.0.0
23.1.0
24.*
24.0.0.0rc1
24.0.0
24.1.0
24.2.0
24.2.1
25.*
25.0.0.0b2
25.0.0.0b3
25.0.0.0rc1
25.0.0
25.1.0

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-5gp5-vxj6-4257/GHSA-5gp5-vxj6-4257.json"