CVE-2014-9623
openstack-glance: user storage quota bypass
Severity Score
4.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.
OpenStack Glance 2014.2.x hasta la versiĆ³n 2014.2.1, 2014.1.3 y versiones anteriores permite a usuarios remotos autenticados eludir la cuota de almacenamiento y causar una denegaciĆ³n de servicio (consumo de disco) mediante el borrado de una imagen en el estado de ahorro.
A storage quota bypass flaw was found in OpenStack Image (glance). If an image was deleted while it was being uploaded, it would not count towards a user's quota. A malicious user could use this flaw to deliberately fill the backing store, and cause a denial of service.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-01-18 CVE Reserved
- 2015-01-23 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2024-09-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-399: Resource Management Errors
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/62165 | Third Party Advisory | |
| http://www.openwall.com/lists/oss-security/2015/01/18/4 | Mailing List |
|
| http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html | X_refsource_confirm |
|
| https://bugs.launchpad.net/glance/+bug/1383973 | X_refsource_confirm | |
| https://security.openstack.org/ossa/OSSA-2015-003.html | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| https://bugs.launchpad.net/glance/+bug/1398830 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2015-0644.html | 2016-12-07 | |
| http://rhn.redhat.com/errata/RHSA-2015-0837.html | 2016-12-07 | |
| http://rhn.redhat.com/errata/RHSA-2015-0838.html | 2016-12-07 | |
| https://access.redhat.com/security/cve/CVE-2014-9623 | 2015-04-16 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1183647 | 2015-04-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 5.0 Search vendor "Redhat" for product "Openstack" and version "5.0" | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Image Registry And Delivery Service \(glance\) Search vendor "Openstack" for product "Image Registry And Delivery Service \(glance\)" | <= 2014.1.3 Search vendor "Openstack" for product "Image Registry And Delivery Service \(glance\)" and version " <= 2014.1.3" | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Image Registry And Delivery Service \(glance\) Search vendor "Openstack" for product "Image Registry And Delivery Service \(glance\)" | 2014.2 Search vendor "Openstack" for product "Image Registry And Delivery Service \(glance\)" and version "2014.2" | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Image Registry And Delivery Service \(glance\) Search vendor "Openstack" for product "Image Registry And Delivery Service \(glance\)" | 2014.2 Search vendor "Openstack" for product "Image Registry And Delivery Service \(glance\)" and version "2014.2" | rc1 |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Image Registry And Delivery Service \(glance\) Search vendor "Openstack" for product "Image Registry And Delivery Service \(glance\)" | 2014.2 Search vendor "Openstack" for product "Image Registry And Delivery Service \(glance\)" and version "2014.2" | rc2 |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Image Registry And Delivery Service \(glance\) Search vendor "Openstack" for product "Image Registry And Delivery Service \(glance\)" | 2014.2 Search vendor "Openstack" for product "Image Registry And Delivery Service \(glance\)" and version "2014.2" | rc3 |
Affected
| ||||||