GHSA-5gp5-vxj6-4257

Source

https://github.com/advisories/GHSA-5gp5-vxj6-4257

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-5gp5-vxj6-4257/GHSA-5gp5-vxj6-4257.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-5gp5-vxj6-4257

Aliases

CVE-2022-4134
PYSEC-2023-270

Published

2023-03-07T00:30:24Z

Modified

2024-11-25T22:42:17.454050Z

Severity

2.8 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N CVSS Calculator

Summary

OpenStack Glance Inclusion of Functionality from Untrusted Control Sphere vulnerability

Details

A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images.

Database specific

{
    "nvd_published_at": "2023-03-06T23:15:00Z",
    "cwe_ids": [
        "CWE-829"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2023-03-08T00:16:31Z"
}

References

Affected packages

PyPI / glance

Package

Name: glance; View open source insights on deps.dev
Purl: pkg:pypi/glance

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

25.1.0

Affected versions

15.*

15.0.2

17.*

17.0.1

18.*

18.0.0.0b1

18.0.0.0rc1

18.0.0

18.0.1

19.*

19.0.0.0b1

19.0.0.0rc1

19.0.0.0rc2

19.0.0

19.0.1

19.0.2

19.0.3

19.0.4

20.*

20.0.0.0b1

20.0.0.0b2

20.0.0.0b3

20.0.0.0rc1

20.0.0.0rc2

20.0.0

20.0.1

20.1.0

20.2.0

21.*

21.0.0.0b1

21.0.0.0b2

21.0.0.0rc1

21.0.0.0rc2

21.0.0

21.1.0

22.*

22.0.0.0b2

22.0.0.0b3

22.0.0.0rc1

22.0.0

22.1.0

22.1.1

23.*

23.0.0.0b2

23.0.0.0b3

23.0.0.0rc1

23.0.0.0rc2

23.0.0

23.1.0

24.*

24.0.0.0rc1

24.0.0

24.1.0

24.2.0

24.2.1

25.*

25.0.0.0b2

25.0.0.0b3

25.0.0.0rc1

25.0.0

25.1.0