PT-2014-6432 · Openstack+1 · Openstack Image Registry/Delivery Service+1
Stuart Mclaren
+1
·
Publicado
2014-08-20
·
Atualizado
2022-05-17
·
CVE-2014-5356
CVSS v2.0
4.0
Média
| Vetor | AV:N/AC:L/Au:S/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
OpenStack Image Registry and Delivery Service (Glance) versions prior to 2013.2.4
OpenStack Image Registry and Delivery Service (Glance) versions 2014.x prior to 2014.1.3
OpenStack Image Registry and Delivery Service (Glance) versions prior to Juno-3
Description
The issue allows remote authenticated users to cause a denial of service by consuming disk space through uploading large images, due to the improper enforcement of the
image size cap configuration option when using the V2 API.Recommendations
For versions prior to 2013.2.4, update to version 2013.2.4 or later to resolve the issue.
For versions 2014.x prior to 2014.1.3, update to version 2014.1.3 or later to resolve the issue.
For versions prior to Juno-3, update to Juno-3 or later to resolve the issue.
Correção
DoS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Openstack Image Registry/Delivery Service
Ubuntu