- Description
- OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:N/I:N/A:P
- nvd@nist.gov
- CWE-399
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "072E34B9-5979-4291-B1D2-762A7C515641"
},
{
"criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FEAB5B21-2F3D-4A5D-9554-B7F984FF5D48"
},
{
"criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "071E2B7B-5E6B-4108-8E46-5E72AC22B168"
}
],
"operator": "OR"
}
]
}
]