CVE-2014-9623
published 2015-01-23CVE-2014-9623: OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service…
medium4CVSS 3.1
AVNACLAuSCNINAP
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | glance | < glance 2014.1.3-12 (bookworm) | glance 2014.1.3-12 (bookworm) |
| debian | glance | < glance 1:11.0.0-1 (bookworm) | glance 1:11.0.0-1 (bookworm) |
| glance_project | glance | >= 0 < 2014.1.3-12 | 2014.1.3-12 |
| glance_project | glance | >= 0 < 1:11.0.0-1 | 1:11.0.0-1 |
| glance_project | glance | >= 0 < 2014.1.3-12 | 2014.1.3-12 |
| glance_project | glance | >= 0 < 1:11.0.0-1 | 1:11.0.0-1 |
| glance_project | glance | >= 0 < 2014.1.3-12 | 2014.1.3-12 |
| glance_project | glance | >= 0 < 1:11.0.0-1 | 1:11.0.0-1 |
| glance_project | glance | >= 0 < 2014.1.3-12 | 2014.1.3-12 |
| glance_project | glance | >= 0 < 1:11.0.0-1 | 1:11.0.0-1 |
| glance_project | glance | >= 0 < 11.0.0a0 | 11.0.0a0 |
| glance_project | glance | >= 0 < 2014.2.4 | 2014.2.4 |
| glance_project | glance | >= 2015.1.0 < 2015.1.2 | 2015.1.2 |
| openstack | image_registry_and_delivery_service | <= 2014.1.3 | — |
| openstack | image_registry_and_delivery_service | <= 2014.2.3 | — |
| openstack | image_registry_and_delivery_service | — | — |
| openstack | image_registry_and_delivery_service | — | — |
| openstack | image_registry_and_delivery_service | — | — |
| redhat | openstack | — | — |
CVSS provenance
nvd6.8MEDIUMAV:N/AC:L/Au:S/C:N/I:N/A:C
ghsa4.0MEDIUM
osv4.0MEDIUM