Denial of Service in OpenStack Image Registry by Remote Users
CVE-2014-9684

Currently unrated

Key Information:

Vendor
Openstack
Vendor
CVE Published:
24 February 2015

Summary

The OpenStack Image Registry and Delivery Service (Glance) versions 2014.2 to 2014.2.2 are susceptible to a denial of service vulnerability. This occurs when remote authenticated users exploit the task v2 API to create an excessive number of images. By subsequently deleting them before the uploads are complete, they can lead to significant disk consumption, impacting overall service availability and performance.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.