{"id":"UBUNTU-CVE-2022-4134","details":"A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images.","modified":"2026-03-20T06:42:48.864672Z","published":"2023-03-06T23:15:00Z","upstream":["CVE-2022-4134"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-4134"},{"type":"REPORT","url":"https://wiki.openstack.org/wiki/OSSN/OSSN-0090"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2022-4134"}],"affected":[{"package":{"name":"glance","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/glance@2:12.0.0-0ubuntu2?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2:11.0.0-0ubuntu1","2:12.0.0~b1-0ubuntu1","2:12.0.0~b2-0ubuntu1","2:12.0.0~b3-0ubuntu1","2:12.0.0~rc1-0ubuntu1","2:12.0.0-0ubuntu1","2:12.0.0-0ubuntu2"],"ecosystem_specific":{"binaries":[{"binary_version":"2:12.0.0-0ubuntu2","binary_name":"glance"},{"binary_version":"2:12.0.0-0ubuntu2","binary_name":"glance-api"},{"binary_version":"2:12.0.0-0ubuntu2","binary_name":"glance-common"},{"binary_version":"2:12.0.0-0ubuntu2","binary_name":"glance-glare"},{"binary_version":"2:12.0.0-0ubuntu2","binary_name":"glance-registry"},{"binary_version":"2:12.0.0-0ubuntu2","binary_name":"python-glance"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-4134.json"}},{"package":{"name":"glance","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/glance@2:16.0.1-0ubuntu1.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2:15.0.0-0ubuntu1","2:16.0.0~b2-0ubuntu2","2:16.0.0~rc1-0ubuntu1","2:16.0.0~rc2-0ubuntu1","2:16.0.0~rc3-0ubuntu1","2:16.0.0-0ubuntu1","2:16.0.1-0ubuntu1.1"],"ecosystem_specific":{"binaries":[{"binary_version":"2:16.0.1-0ubuntu1.1","binary_name":"glance"},{"binary_version":"2:16.0.1-0ubuntu1.1","binary_name":"glance-api"},{"binary_version":"2:16.0.1-0ubuntu1.1","binary_name":"glance-common"},{"binary_version":"2:16.0.1-0ubuntu1.1","binary_name":"glance-registry"},{"binary_version":"2:16.0.1-0ubuntu1.1","binary_name":"python-glance"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-4134.json"}},{"package":{"name":"glance","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/glance@2:20.2.0-0ubuntu1.2?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2:19.0.0-0ubuntu1","2:20.0.0~b1~git2019121610.0c6dd98d-0ubuntu1","2:20.0.0~b2~git2020020509.8649fdc2-0ubuntu1","2:20.0.0~b3~git2020032414.30ece7aa-0ubuntu2","2:20.0.0~b3~git2020041012.d5a0ce18-0ubuntu1","2:20.0.0-0ubuntu0.20.04.1","2:20.0.1-0ubuntu1","2:20.1.0-0ubuntu1","2:20.2.0-0ubuntu1","2:20.2.0-0ubuntu1.1","2:20.2.0-0ubuntu1.2"],"ecosystem_specific":{"binaries":[{"binary_version":"2:20.2.0-0ubuntu1.2","binary_name":"glance"},{"binary_version":"2:20.2.0-0ubuntu1.2","binary_name":"glance-api"},{"binary_version":"2:20.2.0-0ubuntu1.2","binary_name":"glance-common"},{"binary_version":"2:20.2.0-0ubuntu1.2","binary_name":"python3-glance"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-4134.json"}},{"package":{"name":"glance","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/glance@2:24.2.1-0ubuntu1.4?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2:23.0.0-0ubuntu1","2:23.0.0+git2021120811.4ee7799aa-0ubuntu1","2:23.0.0+git2022011216.502fa0ffc-0ubuntu1","2:24.0.0~rc1+git2022030311.d4119be05-0ubuntu1","2:24.0.0-0ubuntu1","2:24.1.0-0ubuntu1","2:24.1.0-0ubuntu1.1","2:24.2.0-0ubuntu1","2:24.2.1-0ubuntu1","2:24.2.1-0ubuntu1.2","2:24.2.1-0ubuntu1.4"],"ecosystem_specific":{"binaries":[{"binary_version":"2:24.2.1-0ubuntu1.4","binary_name":"glance"},{"binary_version":"2:24.2.1-0ubuntu1.4","binary_name":"glance-api"},{"binary_version":"2:24.2.1-0ubuntu1.4","binary_name":"glance-common"},{"binary_version":"2:24.2.1-0ubuntu1.4","binary_name":"python3-glance"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-4134.json"}},{"package":{"name":"glance","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/glance@2:28.1.0-0ubuntu1.2?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2:27.0.0-0ubuntu1","2:28.0.0~b2+git2024011916.f429b53e-0ubuntu1","2:28.0.0~rc1-0ubuntu1","2:28.0.1-0ubuntu1","2:28.0.1-0ubuntu1.2","2:28.1.0-0ubuntu1","2:28.1.0-0ubuntu1.2"],"ecosystem_specific":{"binaries":[{"binary_version":"2:28.1.0-0ubuntu1.2","binary_name":"glance"},{"binary_version":"2:28.1.0-0ubuntu1.2","binary_name":"glance-api"},{"binary_version":"2:28.1.0-0ubuntu1.2","binary_name":"glance-common"},{"binary_version":"2:28.1.0-0ubuntu1.2","binary_name":"python3-glance"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-4134.json"}},{"package":{"name":"glance","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/glance@2:31.0.0-0ubuntu1.2?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2:30.0.0-0ubuntu1","2:30.0.0+git2025070714.9b2cd1634-0ubuntu1","2:31.0.0~rc1-0ubuntu1","2:31.0.0-0ubuntu1","2:31.0.0-0ubuntu1.2"],"ecosystem_specific":{"binaries":[{"binary_version":"2:31.0.0-0ubuntu1.2","binary_name":"glance"},{"binary_version":"2:31.0.0-0ubuntu1.2","binary_name":"glance-api"},{"binary_version":"2:31.0.0-0ubuntu1.2","binary_name":"glance-common"},{"binary_version":"2:31.0.0-0ubuntu1.2","binary_name":"python3-glance"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-4134.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]}