Denial of Service Vulnerability in OpenStack Glance by OpenStack
CVE-2015-3289

Currently unrated

Key Information:

Vendor: Openstack
Status: Glance
Vendor: CVE Published:; 14 August 2015

Summary

OpenStack Glance versions prior to 2015.1.1 suffer from a vulnerability that enables remote authenticated users to exploit the import task flow API. By creating and deleting images repeatedly, these users can induce a denial of service by exhausting available disk space. This poses significant risks, particularly in environments where resource management is critical.

References

http://www.securityfocus.com/bid/76068

vdb-entryx_refsource_BID

http://lists.openstack.org/pipermail/openstack-announce/2...

mailing-listx_refsource_MLIST

https://bugs.launchpad.net/glance/+bug/1454087

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 14, 2015
Vulnerability Reserved
Apr 10, 2015