CVE-2015-3289

CWE-399 CWE-400 — Uncontrolled Resource Consumption7 documents7 sources

Severity

4.0MEDIUM

EPSS

0.4%

top 41.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Glance

Timeline

PublishedAug 14

Latest updateMay 17

Description

OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated users to cause a denial of service (disk consumption) by repeatedly using the import task flow API to create images and then deleting them.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

▶NVDopenstack/glance2015.1.0

▶Debianglance< 2015.1.0-4+3

Patches

Patch: lists.openstack.org ↗Patch: bugs.launchpad.net ↗Patch: lists.openstack.org ↗

🔴Vulnerability Details

GHSA

GHSA-6c9r-5vjm-r3gh: OpenStack Glance before 2015↗2022-05-17

▶

OSV

CVE-2015-3289: OpenStack Glance before 2015↗2015-08-14

▶

CVEList

CVE-2015-3289: OpenStack Glance before 2015↗2015-08-14

▶

📋Vendor Advisories

Red Hat

openstack-glance: potential resource exhaustion task flow API↗2015-07-28

▶

Debian

CVE-2015-3289: glance - OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated users to cau...↗2015

▶

💬Community

Bugzilla

CVE-2015-3289 openstack-glance: potential resource exhaustion task flow API↗2015-07-16

▶