VYPR
Medium severity (score 5.8) · NVD advisory · Published Mar 21, 2017 · Updated May 13, 2026

CVE-2017-7200

Description

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service.
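The description above names the primitive (a copy_from URL such as 'http://localhost:22') but not the two controls a server needs against it. The following is an added example written for this page; it is not Glance code and not the fix commit. It models a policy gate in the spirit of the patch (using the rule strings '@' and '!' from the patch's own unit tests, plus an assumed 'role:admin' rule) and, separately, a destination check the patch does not contain: non-http(s) schemes, explicit non-default ports and hosts resolving to loopback, link-local, private or other non-global addresses are refused. All function names are hypothetical and the DNS table is constructed so that it runs offline.

```python
"""Added example (not Glance's code): policy gate plus destination check
for an Image API v1 copy_from request. All names are hypothetical."""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


class PolicyDenied(Exception):
    """The policy rule for an action denies the caller."""


class UnsafeCopyFrom(ValueError):
    """The copy_from URL points somewhere the service must not fetch from."""


def enforce(rules, action, is_admin=False):
    """Minimal stand-in for a policy enforcer (hypothetical, not oslo.policy).

    Rule values: '@' allows everyone, '!' allows nobody (the two strings
    used in the fix commit's tests); 'role:admin' allows admins only.
    A missing rule denies.
    """
    rule = rules.get(action, "!")
    if rule == "@" or (rule == "role:admin" and is_admin):
        return
    raise PolicyDenied(action)


def default_resolve(host):
    """Resolve a hostname to its set of IP address strings (real DNS)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


# Constructed lookup table so the example and its checks need no network.
CONSTRUCTED_DNS = {
    "localhost": {"127.0.0.1"},
    "images.example.com": {"8.8.8.8"},   # stands in for a public image host
    "db.internal": {"10.0.0.7"},         # an internal host the attacker probes
}


def fake_resolve(host):
    """Offline resolver over CONSTRUCTED_DNS; unknown names raise KeyError."""
    return CONSTRUCTED_DNS[host]


def check_copy_from_url(url, resolve=default_resolve):
    """Return the split URL if it is an acceptable copy_from target.

    Refuses non-http(s) schemes, explicit non-default ports (the port-scan
    primitive behind 'http://localhost:22') and any host for which at least
    one resolved address is not globally routable.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise UnsafeCopyFrom("scheme not allowed: %r" % parts.scheme)
    if not parts.hostname:
        raise UnsafeCopyFrom("URL has no host")
    try:
        port = parts.port                  # raises ValueError if malformed
    except ValueError:
        raise UnsafeCopyFrom("malformed port in URL")
    if port not in (None, 443 if scheme == "https" else 80):
        raise UnsafeCopyFrom("non-default port %d refused" % port)
    try:
        addrs = {ipaddress.ip_address(parts.hostname)}   # literal IP
    except ValueError:
        addrs = {ipaddress.ip_address(a) for a in resolve(parts.hostname)}
    for addr in addrs:
        if not addr.is_global:
            raise UnsafeCopyFrom("%s -> %s is not a global address"
                                 % (parts.hostname, addr))
    return parts


def image_create_status(headers, rules, is_admin=False, resolve=default_resolve):
    """Model the v1 image-create decision as an HTTP status code.

    403: policy denies add_image or copy_from; 400: copy_from URL unsafe;
    201: accepted. As in the patched create(), the copy_from gate runs only
    when the copy-from header is present, and before anything is fetched.
    """
    url = headers.get("x-glance-api-copy-from")
    try:
        enforce(rules, "add_image", is_admin)
        if url is not None:
            enforce(rules, "copy_from", is_admin)
            check_copy_from_url(url, resolve)
    except PolicyDenied:
        return 403
    except UnsafeCopyFrom:
        return 400
    return 201


if __name__ == "__main__":
    rules = {"add_image": "@", "copy_from": "@"}
    for url in ("http://localhost:22", "http://images.example.com/i.ovf",
                "http://169.254.169.254/latest/meta-data/", "file:///etc/passwd"):
        print(url, "->", image_create_status(
            {"x-glance-api-copy-from": url}, rules, resolve=fake_resolve))
```

The two checks are deliberately independent: the policy gate answers "may this caller use copy_from at all", which is all the fix commit adds, while the destination check answers "may the service fetch from this host", which is what actually removes the scan primitive for callers the policy admits. Resolving the name and checking every returned address closes the trivial bypass of a public hostname with an internal A record; a DNS rebinding between check and fetch is outside what this check covers.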

Affected packages

Versions sourced from the GitHub Security Advisory.

Package          Affected versions   Patched versions
glance (PyPI)    < 11.0.0a0          11.0.0a0

Affected products

1

Patches

1
b1ac90f7914d

Add a policy handler to control copy-from functionality

https://github.com/openstack/glance · John Bresnahan · Mar 28, 2013 · via GHSA
2 files changed · +40 −0
  • glance/api/v1/images.py+2 0 modified
    @@ -683,6 +683,8 @@ def create(self, req, image_meta, image_data):
             is_public = image_meta.get('is_public')
             if is_public:
                 self._enforce(req, 'publicize_image')
    +        if Controller._copy_from(req):
    +            self._enforce(req, 'copy_from')
     
             image_meta = self._reserve(req, image_meta)
             id = image_meta['id']
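Review bot: the new `_enforce(req, 'copy_from')` decides who may use copy_from, but the URL itself is still never inspected, so for every tenant the rule admits the primitive in the advisory ('http://localhost:22') is unchanged; at this same point, before `_reserve`, also reject non-http(s) schemes and destinations that resolve to loopback, link-local or private addresses. The change also ships no default for the new 'copy_from' rule (only images.py and the test file are touched), so document the expected policy entry and its default, otherwise deployments that do not add it get whatever the enforcer's missing-rule behaviour is.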
    
  • glance/tests/unit/v1/test_api.py+38 0 modified
    @@ -2363,6 +2363,44 @@ def test_add_publicize_image_authorized(self):
             res = req.get_response(self.api)
             self.assertEquals(res.status_int, httplib.CREATED)
     
    +    def test_add_copy_from_image_unauthorized(self):
    +        rules = {"add_image": '@', "copy_from": '!'}
    +        self.set_policy_rules(rules)
    +        fixture_headers = {'x-image-meta-store': 'file',
    +                           'x-image-meta-disk-format': 'vhd',
    +                           'x-glance-api-copy-from': 'http://glance.com/i.ovf',
    +                           'x-image-meta-container-format': 'ovf',
    +                           'x-image-meta-name': 'fake image #F'}
    +
    +        req = webob.Request.blank("/images")
    +        req.method = 'POST'
    +        for k, v in fixture_headers.iteritems():
    +            req.headers[k] = v
    +
    +        req.headers['Content-Type'] = 'application/octet-stream'
    +        req.body = "chunk00000remainder"
    +        res = req.get_response(self.api)
    +        self.assertEquals(res.status_int, 403)
    +
    +    def test_add_copy_from_image_authorized(self):
    +        rules = {"add_image": '@', "copy_from": '@'}
    +        self.set_policy_rules(rules)
    +        fixture_headers = {'x-image-meta-store': 'file',
    +                           'x-image-meta-disk-format': 'vhd',
    +                           'x-glance-api-copy-from': 'http://glance.com/i.ovf',
    +                           'x-image-meta-container-format': 'ovf',
    +                           'x-image-meta-name': 'fake image #F'}
    +
    +        req = webob.Request.blank("/images")
    +        req.method = 'POST'
    +        for k, v in fixture_headers.iteritems():
    +            req.headers[k] = v
    +
    +        req.headers['Content-Type'] = 'application/octet-stream'
    +        req.body = "chunk00000remainder"
    +        res = req.get_response(self.api)
    +        self.assertEquals(res.status_int, httplib.CREATED)
    +
         def _do_test_post_image_content_missing_format(self, missing):
             """Tests creation of an image with missing format"""
             fixture_headers = {'x-image-meta-store': 'file',
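Review bot: the two new tests are byte-for-byte the same fixture and request, differing only in the 'copy_from' rule and the expected status; factor that into a helper taking the rule and expected code. The unauthorized case asserts the literal 403 while its sibling uses `httplib.CREATED`; use `httplib.FORBIDDEN` for consistency. Both tests send the copy-from header, so nothing shows that with `"copy_from": '!'` a plain upload without `x-glance-api-copy-from` still returns CREATED, which is the property that makes the gate safe to deny by default; add that case.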
    
