CVE-2017-7200

Impact: Moderate
Public Date: 2017-03-15
CWE: CWE-918
Bugzilla: 1434244: CVE-2017-7200 openstack-glance: API v1 copy_from reveals network details
The copy_from feature in the Image Service API v1 allows an attacker to perform masked network port scans: an image can be created with a URL such as 'http://localhost:22', which the Image Service then attempts to fetch. This could allow an attacker to enumerate internal network details while hiding the true source of the scan, because the connections originate from the Image Service host. This is classified as a Server-Side Request Forgery (SSRF). Note: Some knowledge of the internal network might be necessary to exploit this flaw against internal hosts other than localhost.
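A defensive validator for copy_from source URLs, added here as an illustration (it is not Glance's own code and not the workaround described in the Red Hat Knowledge Base article): it accepts only URLs whose host resolves to a public address on a web port, so a request such as 'http://localhost:22' is refused before any connection is attempted. The port allowlist, the example hostnames and the offline DEMO_DNS table are constructed assumptions.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}  # assumption: image sources are served on web ports only

def resolve_host(host):
    """Every address the host resolves to; IP literals pass straight through."""
    try:
        return [ipaddress.ip_address(host)]
    except ValueError:
        return [ipaddress.ip_address(i[4][0]) for i in socket.getaddrinfo(host, None)]

def validate_copy_from(url, resolve=resolve_host):
    """Return (accepted, reason) for a copy_from URL; only public web hosts pass."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme %r not allowed" % parts.scheme
    if not parts.hostname:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    port = port or (443 if parts.scheme == "https" else 80)
    if port not in ALLOWED_PORTS:
        return False, "port %d not allowed" % port
    try:
        addrs = resolve(parts.hostname)
    except (OSError, ValueError):  # socket.gaierror is an OSError
        return False, "host does not resolve"
    for addr in addrs:
        # is_global is False for loopback, RFC 1918, link-local, unique-local
        # and reserved addresses, so every resolved address must be public.
        if not addr.is_global:
            return False, "host resolves to non-public address %s" % addr
    return True, "ok"

# Constructed lookup table so the checks run offline; not real DNS data.
DEMO_DNS = {"localhost": ["127.0.0.1"], "images.example.com": ["93.184.216.34"]}

def demo_resolve(host):
    if host in DEMO_DNS:
        return [ipaddress.ip_address(a) for a in DEMO_DNS[host]]
    return [ipaddress.ip_address(host)]  # IP literal, else ValueError -> rejected
```

A real deployment must also connect to the address it validated (or re-check after each redirect), because a name that is validated and then resolved again at fetch time can be rebound to an internal address in between.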

Find out more about CVE-2017-7200 from the MITRE CVE dictionary and NIST NVD.

Statement

Because the Image Service API v1 was deprecated in Newton and because a workaround is possible, no fix is being made available.

For impacted products and the recommended mitigation, see the Knowledge Base article for this issue:
https://access.redhat.com/security/vulnerabilities/2999581

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score: 6.5
CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Affected Packages State

Platform                                                            Package           State
Red Hat OpenStack Platform 9.0                                      openstack-glance  Will not fix
Red Hat OpenStack Platform 8.0 (Liberty)                            openstack-glance  Will not fix
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7   openstack-glance  Will not fix
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7   openstack-glance  Will not fix
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse)          openstack-glance  Will not fix
