Denial of Service Vulnerability in OpenStack Glance Image Service
CVE-2016-8611

4.3MEDIUM

Key Information:

Vendor
The Openstack Foundation
Status
Openstack-glance
Vendor
CVE Published:
31 July 2018

Summary

A vulnerability exists in the OpenStack Glance Image service, where no limits are enforced for the /images API POST method in both v1 and v2 for authenticated users. This oversight can lead to potential denial of service attacks due to the saturation of database tables. Attackers may exploit this flaw to overload the service, impacting its availability and functionality.

Affected Version(s)

openstack-glance v1 and v2

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8611
x_refsource_CONFIRM
http://www.securitytracker.com/id/1037312
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/94378
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.