← Volver a CVEs
CVE-2026-34881
MEDIUM5.0
Descripcion
OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery (SSRF). By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, the web-download and glance-download import methods are subject to this vulnerability, as is the optional (not enabled by default) ovf_process image import plugin.
Detalles CVE
Puntuacion CVSS v3.15.0
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado3/31/2026
Ultima modificacion4/2/2026
Fuentenvd
Avistamientos honeypot0
Debilidades (CWE)
CWE-918
Referencias
https://bugs.launchpad.net/glance/+bug/2138602(cve@mitre.org)
https://security.openstack.org/ossa/OSSA-2026-004.html(cve@mitre.org)
https://bugs.launchpad.net/glance/+bug/2138602(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.