VIR Vulnerability Intelligence Relay

CVE-2014-9684

medium
Published 2015-02-24 · Modified 2024-11-25
CVSS v3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS v2
4.0
VIR risk
4.0

Description

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881.

Predictions

Exploit likelihood
30%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2014-9684

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed0
debian debianbullseyefixed0
debian debianforkyfixed0
debian debiansidfixed0
debian debiantrixiefixed0

Package impact
EcosystemPackageVulnerableFixed
python PyPIglance<11.0.0a011.0.0a0

Application impact
VendorProductVersionsFixed
openstackimage_registry_and_delivery_service_\(glance\)2014.2
openstackimage_registry_and_delivery_service_\(glance\)2014.2.1
openstackimage_registry_and_delivery_service_\(glance\)2014.2.2

References

CWEs

CWE-399

Verify integrity in audit chain (admin only). AS-IS.