CVE-2015-3289
https://notcve.org/view.php?id=CVE-2015-3289
OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated users to cause a denial of service (disk consumption) by repeatedly using the import task flow API to create images and then deleting them. Vulnerabilidad en OpenStack Glance en versiones anteriores a 2015.1.1 (kilo), permite a usuarios remotos autenticados causar una denegación de servicio (consumo de disco) utilizando reiteradamente la API de importación de flujo de tareas para crear imágenes y borrarlas después. • http://lists.openstack.org/pipermail/openstack-announce/2015-July/000481.html http://www.securityfocus.com/bid/76068 https://bugs.launchpad.net/glance/+bug/1454087 • CWE-399: Resource Management Errors •
CVE-2013-4428 – Glance: image_download policy not enforced for cached images
https://notcve.org/view.php?id=CVE-2013-4428
OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID. OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly con versiones anteriores a 2013.1.4, y Havana con versiones anteriores a 2013.2, cuando se configura la política image_download, no restringe adecuadamente el acceso a las imágenes almacenadas en caché, lo que permite a usuarios remotos autenticados leer de otra manera imágenes restringidas a través de un imagen UUID. • http://rhn.redhat.com/errata/RHSA-2013-1525.html http://www.openwall.com/lists/oss-security/2013/10/15/8 http://www.openwall.com/lists/oss-security/2013/10/16/9 http://www.securityfocus.com/bid/63159 http://www.ubuntu.com/usn/USN-2003-1 https://bugs.launchpad.net/glance/+bug/1235226 https://bugs.launchpad.net/glance/+bug/1235378 https://launchpad.net/glance/+milestone/2013.1.4 https://launchpad.net/glance/+milestone/2013.2 https://access.redhat • CWE-264: Permissions, Privileges, and Access Controls •