Abhishek Kekane

**Name of the Vulnerable Software and Affected Versions** OpenStack Glance versions prior to 2015.1.1 (kilo) **Description** The issue allows remote authenticated users to cause a denial of service by consuming disk space. This is achieved by repeatedly using the import task flow API to create images and then deleting them. **Recommendations** For versions prior to 2015.1.1 (kilo), update to version 2015.1.1 (kilo) or later to resolve the issue. As a temporary workaround, consider restricting access to the import task flow API to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OpenStack Image Registry and Delivery Service (Glance) versions 2014.2 through 2014.2.2 **Description** The issue allows remote authenticated users to cause a denial of service, specifically disk consumption, by creating and then deleting a large number of images using the task v2 API. **Recommendations** For versions 2014.2 through 2014.2.2, consider restricting access to the task v2 API to prevent excessive image creation and deletion. At the moment, there is no information about a newer version that contains a fix for this vulnerability.