Denial of Service in OpenStack Image Registry by Remote Users
CVE-2014-9684
Currently unrated
Key Information:
- Vendor
- Openstack
- Vendor
- CVE Published:
- 24 February 2015
Summary
The OpenStack Image Registry and Delivery Service (Glance) versions 2014.2 to 2014.2.2 are susceptible to a denial of service vulnerability. This occurs when remote authenticated users exploit the task v2 API to create an excessive number of images. By subsequently deleting them before the uploads are complete, they can lead to significant disk consumption, impacting overall service availability and performance.
References
Timeline
Vulnerability published
Vulnerability Reserved