CVE-2015-1881

2015-02-2415:59:08

Debian Security Bug Tracker

security-tracker.debian.org

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.007 Low

EPSS

Percentile

80.9%

JSON

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them, a different vulnerability than CVE-2014-9684.

OSVersionArchitecturePackageVersionFilename
Debian12allglance< 2:25.1.0-2glance_2:25.1.0-2_all.deb
Debian11allglance< 2:21.0.0-2+deb11u1glance_2:21.0.0-2+deb11u1_all.deb
Debian10allglance< 2:17.0.0-4glance_2:17.0.0-4_all.deb
Debian999allglance< 2:28.0.1-3glance_2:28.0.1-3_all.deb
Debian13allglance< 2:28.0.1-3glance_2:28.0.1-3_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	glance	< 2:25.1.0-2	glance_2:25.1.0-2_all.deb
Debian	11	all	glance	< 2:21.0.0-2+deb11u1	glance_2:21.0.0-2+deb11u1_all.deb
Debian	10	all	glance	< 2:17.0.0-4	glance_2:17.0.0-4_all.deb
Debian	999	all	glance	< 2:28.0.1-3	glance_2:28.0.1-3_all.deb
Debian	13	all	glance	< 2:28.0.1-3	glance_2:28.0.1-3_all.deb