CVE-2014-9684: OpenStack Glance Denial of service by creating a large number of images

May 17, 2022 (updated May 14, 2024)

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881.

References

bugs.launchpad.net/glance/+bug/1371118
github.com/advisories/GHSA-h737-q6g6-8wr6
github.com/openstack/glance
github.com/openstack/glance/commit/7858d4d95154c8596720365e465cca7858cfec5c
github.com/openstack/glance/commit/a880c8e762e94b70c1e5d5692a3defcde734a601
nvd.nist.gov/vuln/detail/CVE-2014-9684

Detect and mitigate CVE-2014-9684 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →