Denial of Service in OpenStack Image Registry and Delivery Service by Remote Authenticated Users
CVE-2014-5356

Currently unrated

Key Information:

Vendor
Openstack
Vendor
CVE Published:
25 August 2014

Summary

OpenStack's Image Registry and Delivery Service (Glance), when using the V2 API, fails to appropriately enforce the image_size_cap configuration setting. This misconfiguration permits remote authenticated users to exploit the system by uploading excessively large images, ultimately leading to denial of service due to disk space exhaustion. This vulnerability could result in significant operational interruptions and must be addressed promptly to safeguard the integrity of the system.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.