Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1ndmpnLXI5ZnYtN3F4Oc4AAdFg
OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service
OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623.
Permalink: https://github.com/advisories/GHSA-gvjg-r9fv-7qx9JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ndmpnLXI5ZnYtN3F4Oc4AAdFg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago
Identifiers: GHSA-gvjg-r9fv-7qx9, CVE-2015-5286
References:
- https://nvd.nist.gov/vuln/detail/CVE-2015-5286
- https://bugs.launchpad.net/bugs/1498163
- https://security.openstack.org/ossa/OSSA-2015-020.html
- https://access.redhat.com/errata/RHSA-2015:1897
- https://access.redhat.com/security/cve/CVE-2015-5286
- https://bugzilla.redhat.com/show_bug.cgi?id=1267516
- https://web.archive.org/web/20200228024859/http://www.securityfocus.com/bid/76943
- https://rhn.redhat.com/errata/RHSA-2015-1897.html
- https://github.com/advisories/GHSA-gvjg-r9fv-7qx9
Affected Packages
pypi:glance
Dependent packages: 0Dependent repositories: 13
Downloads: 4,341 last month
Affected Version Ranges: >= 2015.1.0, < 2015.1.2, < 2014.2.4
Fixed in: 2015.1.2, 2014.2.4
All affected versions: 15.0.2, 17.0.1, 18.0.0, 18.0.1, 19.0.0, 19.0.1, 19.0.2, 19.0.3, 19.0.4, 20.0.0, 20.0.1, 20.1.0, 20.2.0, 21.0.0, 21.1.0, 22.0.0, 22.1.0, 22.1.1, 23.0.0, 23.1.0, 24.0.0, 24.1.0, 24.2.0, 24.2.1, 25.0.0, 25.1.0, 26.0.0, 27.0.0, 28.0.0
All unaffected versions: