Vulnerability in Openstack Glance

CVE-2015-3289

OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated users to cause a denial of service (disk consumption) by repeatedly using the import task flow API to create images and then deleting them.

EPSS: 0.004 (62.5th percentile) — read the EPSS interpretation.

Affected products

Openstack Glance
N/a — versions n/a

Weakness classification (CWE)

CWE-399

References

76068 (vdb-entry, x_refsource_BID)
[openstack-announce] 20150728 [OSSA 2015-013] Glance task flow may fail to delete image from backend (Vendor Advisory, mailing-list, x_refsource_MLIST, Patch)
secalert@redhat.com (x_refsource_CONFIRM, Patch)