CVE-2015-5286: OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service
(updated )
A race-condition flaw was discovered in the OpenStack Image service (glance). When images in the upload state were deleted using a token close to expiration, untracked image data could accumulate in the back end. Because untracked data does not count towards the storage quota, an attacker could use this flaw to cause a denial of service through resource exhaustion.
References
- rhn.redhat.com/errata/RHSA-2015-1897.html
- access.redhat.com/errata/RHSA-2015:1897
- access.redhat.com/security/cve/CVE-2015-5286
- bugs.launchpad.net/bugs/1498163
- bugzilla.redhat.com/show_bug.cgi?id=1267516
- github.com/advisories/GHSA-gvjg-r9fv-7qx9
- nvd.nist.gov/vuln/detail/CVE-2015-5286
- security.openstack.org/ossa/OSSA-2015-020.html
- web.archive.org/web/20200228024859/http://www.securityfocus.com/bid/76943
Code Behaviors & Features
Detect and mitigate CVE-2015-5286 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →