Denial of Service Vulnerability in OpenStack Image Service (Glance)
CVE-2015-5286

Currently unrated

Key Information:

Vendor: Openstack
Status: Image Registry And Delivery Service \(glance\)
Vendor: CVE Published:; 26 October 2015

Summary

The OpenStack Image Service (Glance) is susceptible to a vulnerability that allows remote authenticated users to bypass storage quotas. This occurs during the image upload process, where the token used can expire, enabling the deletion of images that are still being uploaded. This flaw stems from an incomplete fix for a prior vulnerability, leading to potential denial of service through excessive disk consumption.

References

https://bugs.launchpad.net/bugs/1498163

x_refsource_CONFIRM

http://www.securityfocus.com/bid/76943

vdb-entryx_refsource_BID

https://security.openstack.org/ossa/OSSA-2015-020.html

x_refsource_CONFIRM

Timeline

Vulnerability published
Oct 26, 2015
Vulnerability Reserved
Jul 1, 2015