CVE-2014-9623
OpenStack Glance <2014.2.x-2014.2.1, 2014.1.3 - Auth Bypass
Title source: llmDescription
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.
References (9)
Core 9
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0838.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0644.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/62165
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0837.html
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/01/18/4
Exploit x_refsource_confirm
https://bugs.launchpad.net/glance/+bug/1398830
Various Sources x_refsource_confirm
https://security.openstack.org/ossa/OSSA-2015-003.html
Issue Tracking x_refsource_confirm
https://bugs.launchpad.net/glance/+bug/1383973
Scores
EPSS
0.0030
EPSS Percentile
53.6%
Details
CWE
CWE-399
Status
published
Products (4)
openstack/image_registry_and_delivery_service_\(glance\)
2014.2 (4 CPE variants)
openstack/image_registry_and_delivery_service_\(glance\)
< 2014.1.3
pypi/glance
0 - 11.0.0a0PyPI
redhat/openstack
5.0
Published
Jan 23, 2015
Tracked Since
Feb 18, 2026