Vulnerability Overview

A Server-Side Request Forgery (SSRF) vulnerability exists in the OpenStack Glance image import functionality. An attacker can bypass the URL validation checks by submitting a URL that answers with an HTTP redirect to an internal service: the originally submitted URL is validated, but the redirect target is not. The vulnerability primarily affects the web-download and glance-download image import methods, as well as an optional image import plugin.

Affected Versions

Glance =30.0.0
Glance =31.0.0

Remediation

Remediation measures for the different vulnerability types are as follows:

1. web-download Import Method - HTTP Redirect Bypass
Remediation: Add a redirect-validation helper that checks the redirect target before it is followed, applying the same URL validation logic as the check performed on the originally submitted URL.

2. web-download Import Method - IP Address Encoding Bypass
Remediation: Validate IP addresses with a function built on Python's standard-library IP address module. That module accepts only standard dotted-decimal notation for IPv4 and the standard textual formats for IPv6, so alternative encodings (decimal, hexadecimal, octal) are rejected automatically and cannot be used to smuggle an internal address past the check.

3. glance-download Import Method - Redirect Bypass
Remediation: Use the same redirect-validation helper to validate redirect targets during both the image data download and the metadata retrieval steps.

4. OVF Processing - SSRF
Remediation: Add URI validation and redirect validation in front of the download, replacing the original code that fetched the URL directly without any validation.
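The redirect-validation helper that items 1 to 4 describe, written out as an added example (not Glance's own code). It assumes the standard-library module the advisory refers to is ipaddress; the opener and resolver callables, FAKE_DNS, FAKE_HTTP and the hostnames in them are constructed stand-ins so the example runs offline:

```python
# Added example, not Glance project code: an SSRF-safe fetcher that validates
# the submitted URL and every redirect hop with the same rules.
import ipaddress
from urllib.parse import urljoin, urlparse

ALLOWED_SCHEMES = {"http", "https"}
REDIRECT_STATUSES = {301, 302, 303, 307, 308}
MAX_REDIRECTS = 5

class SSRFError(ValueError):
    """A submitted URL or a redirect target failed validation."""


def parse_ip(host):
    """Return an ip_address object for a standard-form literal, else None.

    ipaddress (assumed to be the module the advisory means) accepts only
    canonical dotted-decimal IPv4 and RFC 4291 IPv6 text, so "2130706433",
    "0x7f000001" and "0177.0.0.1" all raise ValueError.  Leading-zero octets
    are refused up front as well (old Pythons read them as decimal).
    """
    if ":" not in host and any(len(l) > 1 and l[0] == "0" for l in host.split(".")):
        return None
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # apply the IPv4 rules to ::ffff:a.b.c.d
    return ip


def looks_like_encoded_ip(host):
    """Numeric-looking host ipaddress refused: all-digit top label or 0x label."""
    labels = host.split(".")
    return labels[-1].isdigit() or any(l.lower().startswith("0x") for l in labels)


def validate_url(url, resolver):
    """Raise SSRFError unless every address the URL can reach is public."""
    parts = urlparse(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise SSRFError("scheme not allowed: %r" % parts.scheme)
    host = parts.hostname
    if not host:
        raise SSRFError("missing host in %r" % url)
    literal = parse_ip(host)
    if literal is not None:
        addrs = [literal]
    elif looks_like_encoded_ip(host):
        raise SSRFError("non-standard IP encoding rejected: %r" % host)
    else:
        addrs = [parse_ip(a) for a in resolver(host)]
        if not addrs or None in addrs:
            raise SSRFError("could not resolve %r" % host)
    for addr in addrs:
        if not addr.is_global:
            raise SSRFError("%r reaches non-public address %s" % (host, addr))
    return url


def fetch_with_redirect_validation(url, opener, resolver, max_redirects=MAX_REDIRECTS):
    """Follow redirects by hand.  opener(url) -> (status, headers, body);
    resolver(host) -> [address, ...].  Returns (final_url, body)."""
    current = validate_url(url, resolver)
    for _ in range(max_redirects + 1):
        status, headers, body = opener(current)
        if status not in REDIRECT_STATUSES:
            return current, body
        location = headers.get("Location")
        if not location:
            raise SSRFError("redirect without Location from %r" % current)
        # The check the vulnerable code skipped: validate the redirect
        # target exactly like the originally submitted URL.
        current = validate_url(urljoin(current, location), resolver)
    raise SSRFError("more than %d redirects from %r" % (max_redirects, url))


# Constructed offline stand-ins for DNS and the remote image server.
FAKE_DNS = {"images.example.org": ["1.1.1.1"], "internal.example.org": ["10.0.0.5"]}
FAKE_HTTP = {
    "https://images.example.org/cirros.img": (200, {}, b"QFI\xfb..."),
    "https://images.example.org/hop": (302, {"Location": "/cirros.img"}, b""),
    "https://images.example.org/metadata": (302, {"Location": "http://169.254.169.254/latest/meta-data/"}, b""),
    "https://images.example.org/rebind": (302, {"Location": "http://internal.example.org/"}, b""),
}


def import_outcome(url):
    """One import attempt: 'ok <final_url>' or 'blocked: <reason>'."""
    try:
        final_url, _body = fetch_with_redirect_validation(
            url, lambda u: FAKE_HTTP.get(u, (404, {}, b"")), lambda h: FAKE_DNS.get(h, []))
        return "ok " + final_url
    except SSRFError as exc:
        return "blocked: %s" % exc


if __name__ == "__main__":
    for u in ("https://images.example.org/hop", "https://images.example.org/metadata",
              "http://0x7f000001/", "http://2130706433/", "http://[::ffff:127.0.0.1]/"):
        print(u, "->", import_outcome(u))
```

Because the hop check lives in one shared function, the same call can guard the web-download fetch, both the data and the metadata requests of glance-download, and the OVF plugin's download. In production the connection should also be pinned to the address that passed validation, otherwise a DNS answer can change between the check and the connect.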