CVE-2014-9684

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881.

Published Bycve@mitre.org

Published DateFeb 24, 2015, 15:59

Affected Versions(1)

glance(PyPI)

Introduced0

Fixed11.0.0a0

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
glance(PyPI)	0	11.0.0a0	N/A

Weakness Type (CWE):CWE-399

CVSS Metrics

Base Score

Vector String

AV:N/AC:L/Au:S/C:N/I:N/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

PARTIAL

References

Weakness Type (CWE):CWE-399

CVSS Metrics

Base Score

Vector String

AV:N/AC:L/Au:S/C:N/I:N/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

PARTIAL