CVE-2014-9623: Improper Enforcement of Behavioral Workflow in Project Glance

Severity: 4.0 MEDIUM (NVD)
EPSS: 0.4% (top 42.27%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jan 23
Latest update: May 17

Description

OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 8.0 | Impact: 2.9

Affected Packages: 4 packages

🔴 Vulnerability Details (5)

OSV: OpenStack Glance Bypass the storage quota and Denial of service (2022-05-17)
GHSA: OpenStack Glance Bypass the storage quota and Denial of service (2022-05-17)
GHSA: OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service (2022-05-17)
OSV: CVE-2014-9623: OpenStack Glance 2014 (2015-01-23)
CVEList: CVE-2014-9623: OpenStack Glance 2014 (2015-01-23)

📋 Vendor Advisories (3)

Red Hat: openstack-glance: Storage overrun by deleting images (2015-10-01)
Red Hat: openstack-glance: user storage quota bypass (2015-01-16)
Debian: CVE-2014-9623: glance - OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote ... (2014)

💬 Community (2)

Bugzilla: CVE-2014-9623 openstack-glance: user storage quota bypass [fedora-all] (2015-01-29)
Bugzilla: CVE-2014-9623 openstack-glance: user storage quota bypass (2015-01-19)