OpenStack Glance vulnerabilities
Summary
Martin Kaesberger discovered that OpenStack Glance's image processing could return the contents of arbitrary files. An attacker could possibly use this issue to exfiltrate sensitive data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-32498) Hyeongeun Ji and Abhishek Kekane discovered several server-side request forgery vulnerabilities in OpenStack Glance's image import. An attacker could possibly use this issue to bypass URL validation checks and redirect to internal services. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2026-34881) Affected Ubuntu releases: 20.04, 18.04, 16.04. CVEs: CVE-2024-32498, CVE-2026-34881.
- Ubuntu 20.04
- Ubuntu 18.04
- Ubuntu 16.04
Official advisory · medium-confidence parse· fetched 3 hours ago·verify at source
Mitigation checklist
- Apply available updates: `sudo apt update && sudo apt upgrade` (a standard system update installs the fix).
Official advisory · medium-confidence parse· fetched 3 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.