Home > Vulnerability Database > CVE-2017-7200

Mend.io Vulnerability Database

CVE-2017-7200

Date: March 21, 2017

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service.

Severity Score

5.8

Related Resources (8)

Url: https://wiki.openstack.org/wiki/OSSN/OSSN-0078

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-7200

Url: http://www.securityfocus.com/bid/96988

Url: https://github.com/openstack/glance/commit/b1ac90f7914d91b25144cc4063fa994fb5019ee3

Url: https://github.com/openstack/glance

Url: https://bugs.launchpad.net/ossn/+bug/1153614

Url: https://bugs.launchpad.net/ossn/+bug/1606495

Url: https://www.mend.io/vulnerability-database/CVE-2017-7200

Severity Score

5.8

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

CVSS v3.1

Base Score:	5.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-7200

Date: March 21, 2017

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?