Vulnerabilities > CVE-2022-4134 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products

CVSS 2.8 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

local

low complexity

openstack

redhat

CWE-829

NVD

Published: 2023-03-06

Updated: 2023-03-13

Summary

A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images.

Vulnerable Configurations

Part	Description	Count
Application	Openstack Openstack Glance *	1
Application	Redhat Redhat Openstack 13 Redhat Openstack 16.1 Redhat Openstack 16.2 Redhat Openstack 17	4

Common Weakness Enumeration (CWE)

CWE-829 - Inclusion of Functionality from Untrusted Control Sphere

References

https://wiki.openstack.org/wiki/OSSN/OSSN-0090
https://bugzilla.redhat.com/show_bug.cgi?id=2147462
https://bugs.launchpad.net/glance/+bug/1990157