OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image.
2014-08-25T14:55:07.160
2025-04-12T10:46:40.837
Deferred
CVSSv2: 4.0 (MEDIUM)
AV:N/AC:L/Au:S/C:N/I:N/A:P
8.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | openstack | image_registry_and_delivery_service_\(glance\) | ≤ 2013.2.3 | Yes |
| Application | openstack | image_registry_and_delivery_service_\(glance\) | 2013.2 | Yes |
| Application | openstack | image_registry_and_delivery_service_\(glance\) | 2013.2.1 | Yes |
| Application | openstack | image_registry_and_delivery_service_\(glance\) | 2013.2.2 | Yes |
| Application | openstack | image_registry_and_delivery_service_\(glance\) | 2014.1 | Yes |
| Application | openstack | image_registry_and_delivery_service_\(glance\) | 2014.1.1 | Yes |
| Application | openstack | image_registry_and_delivery_service_\(glance\) | 2014.1.2 | Yes |
| Application | openstack | image_registry_and_delivery_service_\(glance\) | juno-1 | Yes |
| Application | openstack | image_registry_and_delivery_service_\(glance\) | juno-2 | Yes |
| Operating System | canonical | ubuntu_linux | 14.04 | Yes |