oss-sec mailing list archives
CVE request for vulnerability in OpenStack Glance
From: Tristan Cacqueray <tristan.cacqueray () enovance com>
Date: Thu, 19 Feb 2015 10:36:54 -0500
A vulnerability was discovered in OpenStack (see below). In order to ensure full traceability, we need a CVE number assigned that we can attach to further notifications. This issue is already public, although an advisory was not sent yet. Title: Glance import task leaks image in backend Reporter: Abhishek Kekane (NTT) Products: Glance Affects: 2014.2 versions through 2014.2.2 Description: Abhishek Kekane from NTT reported a vulnerability in the Glance import task. By creating numerous images using the task API and deleting them, an authenticated attacker may accumulate untracked image data in the backend resulting in potential resource exhaustion and denial of service. All glance setups using API v2 are affected. References: https://launchpad.net/bugs/1420696 https://launchpad.net/bugs/1422716 Thanks in advance, -- Tristan Cacqueray OpenStack Vulnerability Management Team
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Jan 12)
- <Possible follow-ups>
- CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Jan 16)
- Re: CVE request for vulnerability in OpenStack Glance cve-assign (Jan 18)
- CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Feb 19)
- Re: CVE request for vulnerability in OpenStack Glance cve-assign (Feb 19)
- Re: CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Feb 19)
- Re: CVE request for vulnerability in OpenStack Glance cve-assign (Feb 19)
- Re: CVE request for vulnerability in OpenStack Glance cve-assign (Feb 19)