Skip to main content

Image Registry And Delivery Service Glance CVE-2015-5286

MEDIUM
Permissions, Privileges, and Access Controls (CWE-264)
2015-10-26 secalert@redhat.com
6.8
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:N/AC:L/Au:S/C:N/I:N/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:S/C:N/I:N/A:C
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
None
Availability
C

Lifecycle Timeline

1
CVE Published
Oct 26, 2015 - 17:59 cve.org
MEDIUM 6.8

DescriptionCVE.org

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623.

AnalysisAI

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-264. OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623. Affected products include: Openstack Image Registry And Delivery Service \(Glance\). Version information: before 2014.2.4.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2015-1881 MEDIUM POC
4.0 Feb 24

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which al

CVE-2014-9684 MEDIUM POC
4.0 Feb 24

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which al

CVE-2014-9623 MEDIUM POC
4.0 Jan 23

OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storag

CVE-2015-1195 MEDIUM
6.5 Jan 21

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows

CVE-2014-0162 MEDIUM
6.0 Apr 27

The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse befor

CVE-2012-5482 MEDIUM
5.5 Nov 11

The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete

CVE-2012-4573 MEDIUM
5.5 Nov 11

The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete

CVE-2014-9493 MEDIUM
5.5 Jan 07

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenti

CVE-2015-5251 MEDIUM
5.5 Oct 26

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated u

CVE-2016-0757 MEDIUM
4.3 Apr 13

OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations

CVE-2013-0212 MEDIUM
4.0 Feb 24

store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single te

CVE-2014-5356 MEDIUM
4.0 Aug 25

OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3,

Share

CVE-2015-5286 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy