CVE-2014-9623 – glance

Package

Manager: pip
Name: glance
Vulnerable Version: >=0 <11.0.0a0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.01006 pctl0.76194

Details

OpenStack Glance Bypass the storage quota and Denial of service OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.

Metadata

Created: 2022-05-17T03:28:28Z
Modified: 2024-05-14T21:32:21Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-j4mh-9wq6-8rg6/GHSA-j4mh-9wq6-8rg6.json
CWE IDs: []
Alternative ID: GHSA-j4mh-9wq6-8rg6
Finding: F002
Auto approve: 1