Denial of Service Vulnerability in OpenStack Glance Image Service
CVE-2016-8611
4.3MEDIUM
Key Information:
- Vendor
- The Openstack Foundation
- Status
- Openstack-glance
- Vendor
- CVE Published:
- 31 July 2018
Summary
A vulnerability exists in the OpenStack Glance Image service, where no limits are enforced for the /images
API POST method in both v1 and v2 for authenticated users. This oversight can lead to potential denial of service attacks due to the saturation of database tables. Attackers may exploit this flaw to overload the service, impacting its availability and functionality.
Affected Version(s)
openstack-glance v1 and v2
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved