CVE-2014-5356
published 2014-08-25CVE-2014-5356: OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not…
medium4CVSS 3.1
AVNACLAuSCNINAP
OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| debian | glance | < glance 2014.1.3-1 (bookworm) | glance 2014.1.3-1 (bookworm) |
| glance_project | glance | >= 0 < 2014.1.3-1 | 2014.1.3-1 |
| glance_project | glance | >= 0 < 2014.1.3-1 | 2014.1.3-1 |
| glance_project | glance | >= 0 < 2014.1.3-1 | 2014.1.3-1 |
| glance_project | glance | >= 0 < 2014.1.3-1 | 2014.1.3-1 |
| glance_project | glance | >= 0 < 11.0.0a0 | 11.0.0a0 |
| openstack | image_registry_and_delivery_service | <= 2013.2.3 | — |
| openstack | image_registry_and_delivery_service | — | — |
| openstack | image_registry_and_delivery_service | — | — |
| openstack | image_registry_and_delivery_service | — | — |
| openstack | image_registry_and_delivery_service | — | — |
| openstack | image_registry_and_delivery_service | — | — |
| openstack | image_registry_and_delivery_service | — | — |
| openstack | image_registry_and_delivery_service | — | — |
| openstack | image_registry_and_delivery_service | — | — |
CVSS provenance
nvd4.0MEDIUMAV:N/AC:L/Au:S/C:N/I:N/A:P
osv4.0MEDIUM