CVE-2014-9623: OpenStack Glance Bypass the storage quota and Denial of service

May 17, 2022 (updated May 14, 2024)

OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.

References

bugs.launchpad.net/glance/+bug/1383973
bugs.launchpad.net/glance/+bug/1398830
github.com/advisories/GHSA-j4mh-9wq6-8rg6
github.com/openstack/glance
github.com/openstack/glance/commit/0dc8fbb3479a53c5bba8475d14f4c7206904c5ea
github.com/openstack/glance/commit/7d5d8657fd70b20518610b3c6f8e41e16c72fa31
github.com/openstack/glance/commit/f1260cc771ee068651aa62b972bef49d9af81eb0
nvd.nist.gov/vuln/detail/CVE-2014-9623
security.openstack.org/ossa/OSSA-2015-003.html

Detect and mitigate CVE-2014-9623 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →