Search Results

Search Parameters:
  • CPE Product Version: cpe:/a:openstack:image_registry_and_delivery_service_%28glance%29:-
There are 7 matching records.
Displaying matches 1 through 7.
Vuln ID Summary CVSS Severity
CVE-2015-5286

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623.

Published: October 26, 2015; 1:59:07 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-5251

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.

Published: October 26, 2015; 1:59:06 PM -0400
V3.x:(not available)
V2.0: 5.5 MEDIUM
CVE-2014-9623

OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.

Published: January 23, 2015; 10:59:06 AM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2014-5356

OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image.

Published: August 25, 2014; 10:55:07 AM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2013-4354

The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image.

Published: November 23, 2013; 12:55:03 PM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2012-5482

The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.

Published: November 11, 2012; 8:00:59 AM -0500
V3.x:(not available)
V2.0: 5.5 MEDIUM
CVE-2012-4573

The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.

Published: November 11, 2012; 8:00:58 AM -0500
V3.x:(not available)
V2.0: 5.5 MEDIUM