5.8

CVSS Score

3.0

-

CVSS Score

Basic Information

CVE ID

CVE-2017-7200

GHSA ID

GHSA-j6mr-cm6x-h6jg

EPSS Score

0.58369%

CWE

CWE-918

Published

5/17/2022

Updated

5/24/2024

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2017-7200

CVE-2017-7200: OpenStack Glance Server-Side Request Forgery (SSRF)

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2017-7200

CVE-2017-7200:

5.8

CVSS Score

3.0

-

CVSS Score

Basic Information

CVE ID

CVE-2017-7200

GHSA ID

GHSA-j6mr-cm6x-h6jg

EPSS Score

0.58369%

CWE

CWE-918

Published

5/17/2022

Updated

5/24/2024

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
glance	pip	< 11.0.0a0	11.0.0a0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from the 'copy_from' feature in Glance's v1 API being accessible without proper access controls. The GitHub patch explicitly adds a policy check (self._enforce(req, 'copy_from')) in the create method of images.py, indicating this was the missing security control. The pre-patch code allowed any user to supply a 'copy_from' URL, which Glance would fetch server-side, enabling SSRF. The added unit tests in test_api.py validate that unauthorized copy_from usage is now blocked, confirming the function's prior vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.8

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2017-7200: OpenStack Glance Server-Side Request Forgery (SSRF)

CVE-2017-7200:

5.8

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2017-7200: OpenStack Glance Server-Side Request Forgery (SSRF)

5.8

5.8

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI