2014.2.2

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

openstack

CWE-399

NVD

Published: 2015-02-24

Updated: 2017-01-03

Summary

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881.

Vulnerable Configurations

Part	Description	Count
Application	Openstack Openstack Image Registry AND Delivery Service (Glance) 2014.2 Openstack Image Registry AND Delivery Service (Glance) 2014.2.1 Openstack Image Registry AND Delivery Service (Glance) 2014.2.2	3

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Redhat

advisories

rhsa

id	RHSA-2015:0938

rpms

openstack-glance-0:2014.2.3-1.el7ost
openstack-glance-doc-0:2014.2.3-1.el7ost
python-glance-0:2014.2.3-1.el7ost
python-glance-store-0:0.1.10-3.el7ost

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Redhat

References