{"version":"1.0","provider_name":"Yaook","provider_url":"https:\/\/yaook.cloud\/en","author_name":"Stefan Hoffmann","author_url":"https:\/\/yaook.cloud\/en\/author\/yaook-admin\/","title":"security-advisories\/ossa-2026-004 &#187; Yaook","type":"rich","width":600,"height":338,"html":"<blockquote class=\"wp-embedded-content\" data-secret=\"jNNJwEws88\"><a href=\"https:\/\/yaook.cloud\/en\/security-advisories-ossa-2026-004\/\">security-advisories\/ossa-2026-004<\/a><\/blockquote><iframe sandbox=\"allow-scripts\" security=\"restricted\" src=\"https:\/\/yaook.cloud\/en\/security-advisories-ossa-2026-004\/embed\/#?secret=jNNJwEws88\" width=\"600\" height=\"338\" title=\"&#8220;security-advisories\/ossa-2026-004&#8221; &#8212; Yaook\" data-secret=\"jNNJwEws88\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" class=\"wp-embedded-content\"><\/iframe><script>\n\/*! This file is auto-generated *\/\n!function(d,l){\"use strict\";l.querySelector&&d.addEventListener&&\"undefined\"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!\/[^a-zA-Z0-9]\/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret=\"'+t.secret+'\"]'),o=l.querySelectorAll('blockquote[data-secret=\"'+t.secret+'\"]'),c=new RegExp(\"^https?:$\",\"i\"),i=0;i<o.length;i++)o[i].style.display=\"none\";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute(\"style\"),\"height\"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):\"link\"===t.message&&(r=new URL(s.getAttribute(\"src\")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener(\"message\",d.wp.receiveEmbedMessage,!1),l.addEventListener(\"DOMContentLoaded\",function(){for(var e,t,s=l.querySelectorAll(\"iframe.wp-embedded-content\"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute(\"data-secret\"))||(t=Math.random().toString(36).substring(2,12),e.src+=\"#?secret=\"+t,e.setAttribute(\"data-secret\",t)),e.contentWindow.postMessage({message:\"ready\",secret:t},\"*\")},!1)))}(window,document);\n\/\/# sourceURL=https:\/\/yaook.cloud\/wp-includes\/js\/wp-embed.min.js\n<\/script>","description":"YAOOK Security Advisory for OSSA-2026-004 Date: 2026-03-19 Upstream advisory: https:\/\/security.openstack.org\/ossa\/OSSA-2026-004.html Upstream bug report: https:\/\/bugs.launchpad.net\/glance\/+bug\/2138602 What is OSSA-2026-004 and how does it affect YAOOK? Server-Side Request Forgery (SSRF) vulnerabilities in OpenStack Glance image import functionality By use of HTTP redirects, an authenticated user canbypass URL validation checks and redirect to internal services. Only glance image import [&hellip;]"}