CVE-2015-5286 – glance
Package
Manager: pip
Name: glance
Vulnerable Version: >=0 <2014.2.4 || >=2015.1.0 <2015.1.2
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:R
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00445 (percentile 0.62504)
Details
OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service.
OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623.
Metadata
Created: 2022-05-17T03:44:52Z
Modified: 2023-02-08T18:12:35Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-gvjg-r9fv-7qx9/GHSA-gvjg-r9fv-7qx9.json
CWE IDs: ["CWE-400"]
Alternative ID: GHSA-gvjg-r9fv-7qx9
Finding: F002
Auto approve: 1