Denial of Service in OpenStack Image Registry and Delivery Service by Remote Authenticated Users
CVE-2014-5356
Currently unrated
Key Information:
- Vendor
- Openstack
- Vendor
- CVE Published:
- 25 August 2014
Summary
OpenStack's Image Registry and Delivery Service (Glance), when using the V2 API, fails to appropriately enforce the image_size_cap configuration setting. This misconfiguration permits remote authenticated users to exploit the system by uploading excessively large images, ultimately leading to denial of service due to disk space exhaustion. This vulnerability could result in significant operational interruptions and must be addressed promptly to safeguard the integrity of the system.
References
Timeline
Vulnerability published
Vulnerability Reserved