Denial of Service in OpenStack Image Registry by Remote Users
CVE-2014-9684

Currently unrated

Key Information:

Vendor: Openstack
Status: Image Registry And Delivery Service \(glance\)
Vendor: CVE Published:; 24 February 2015

Summary

The OpenStack Image Registry and Delivery Service (Glance) versions 2014.2 to 2014.2.2 are susceptible to a denial of service vulnerability. This occurs when remote authenticated users exploit the task v2 API to create an excessive number of images. By subsequently deleting them before the uploads are complete, they can lead to significant disk consumption, impacting overall service availability and performance.

References

http://lists.openstack.org/pipermail/openstack-announce/2...

mailing-listx_refsource_MLIST

https://bugs.launchpad.net/glance/+bug/1371118

x_refsource_CONFIRM

http://rhn.redhat.com/errata/RHSA-2015-0938.html

vendor-advisoryx_refsource_REDHAT

Timeline

Vulnerability published
Feb 24, 2015
Vulnerability Reserved
Feb 19, 2015