Denial Of Service (DoS)

2019-01-1509:05:58

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.007 Low

EPSS

Percentile

80.9%

JSON

openstack-glance is vulnerable to denial of service (DoS) attacks. The vulnerability exists as OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881.

CPENameOperatorVersion
openstack-glanceeq16.0.0__0.3.0rc3.el7
openstack-glanceeq16.0.1__1.el7
openstack-glanceeq17.0.0__0.2.0rc2.el7
openstack-glanceeq17.0.0__2.el7
openstack-glanceeq14.0.1__1.el7
openstack-glanceeq2014.1__4.el7ost
openstack-glanceeq2014.1.2__3.el7ost
openstack-glanceeq2014.1.2__1.el7ost
openstack-glanceeq14.0.0__2.el7
openstack-glanceeq2014.1.3__4.el7ost

Name	Operator	Version
openstack-glance	eq	16.0.0__0.3.0rc3.el7
openstack-glance	eq	16.0.1__1.el7
openstack-glance	eq	17.0.0__0.2.0rc2.el7
openstack-glance	eq	17.0.0__2.el7
openstack-glance	eq	14.0.1__1.el7
openstack-glance	eq	2014.1__4.el7ost
openstack-glance	eq	2014.1.2__3.el7ost
openstack-glance	eq	2014.1.2__1.el7ost
openstack-glance	eq	14.0.0__2.el7
openstack-glance	eq	2014.1.3__4.el7ost