{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-01-16T00:00:00", "descriptions": [{"lang": "en", "value": "OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-05T22:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "RHSA-2015:0838", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0838.html"}, {"name": "RHSA-2015:0644", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0644.html"}, {"name": "62165", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62165"}, {"name": "RHSA-2015:0837", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0837.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/glance/+bug/1383973"}, {"name": "[oss-security] 20150118 Re: CVE request for vulnerability in OpenStack Glance", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/01/18/4"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/glance/+bug/1398830"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.openstack.org/ossa/OSSA-2015-003.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9623", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2015:0838", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0838.html"}, {"name": "RHSA-2015:0644", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0644.html"}, {"name": "62165", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62165"}, {"name": "RHSA-2015:0837", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0837.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"name": "https://bugs.launchpad.net/glance/+bug/1383973", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/glance/+bug/1383973"}, {"name": "[oss-security] 20150118 Re: CVE request for vulnerability in OpenStack Glance", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/01/18/4"}, {"name": "https://bugs.launchpad.net/glance/+bug/1398830", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/glance/+bug/1398830"}, {"name": "https://security.openstack.org/ossa/OSSA-2015-003.html", "refsource": "CONFIRM", "url": "https://security.openstack.org/ossa/OSSA-2015-003.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:47:41.740Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2015:0838", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0838.html"}, {"name": "RHSA-2015:0644", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0644.html"}, {"name": "62165", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62165"}, {"name": "RHSA-2015:0837", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0837.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.launchpad.net/glance/+bug/1383973"}, {"name": "[oss-security] 20150118 Re: CVE request for vulnerability in OpenStack Glance", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/01/18/4"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.launchpad.net/glance/+bug/1398830"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.openstack.org/ossa/OSSA-2015-003.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9623", "datePublished": "2015-01-23T15:00:00", "dateReserved": "2015-01-18T00:00:00", "dateUpdated": "2024-08-06T13:47:41.740Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B152EDF3-3140-4343-802F-F4F1C329F5C3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*", "matchCriteriaId": "43629DD7-3510-4639-812E-7F09642B6B21", "versionEndIncluding": "2014.1.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.2:*:*:*:*:*:*:*", "matchCriteriaId": "072E34B9-5979-4291-B1D2-762A7C515641", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "D7D19295-250D-4577-95A3-94E71789C639", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "81CC384F-0D8D-4119-B3CD-4B585DBDF267", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.2:rc3:*:*:*:*:*:*", "matchCriteriaId": "625B1FA7-E7F3-4F1D-B58D-E23BAE4B1DC9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state."}, {"lang": "es", "value": "OpenStack Glance 2014.2.x hasta la versi\u00f3n 2014.2.1, 2014.1.3 y versiones anteriores permite a usuarios remotos autenticados eludir la cuota de almacenamiento y causar una denegaci\u00f3n de servicio (consumo de disco) mediante el borrado de una imagen en el estado de ahorro."}], "id": "CVE-2014-9623", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-01-23T15:59:06.537", "references": [{"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-0644.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-0837.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-0838.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/62165"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/01/18/4"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"source": "cve@mitre.org", "url": "https://bugs.launchpad.net/glance/+bug/1383973"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://bugs.launchpad.net/glance/+bug/1398830"}, {"source": "cve@mitre.org", "url": "https://security.openstack.org/ossa/OSSA-2015-003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-0644.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-0837.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-0838.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62165"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/01/18/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/glance/+bug/1383973"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://bugs.launchpad.net/glance/+bug/1398830"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.openstack.org/ossa/OSSA-2015-003.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank OpenStack project for reporting this issue. Upstream acknowledges Tushar Patil (NTT) as the original reporter.", "affected_release": [{"advisory": "RHSA-2015:0838", "cpe": "cpe:/a:redhat:openstack:5::el6", "package": "openstack-glance-0:2014.1.4-1.el6ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6", "release_date": "2015-04-16T00:00:00Z"}, {"advisory": "RHSA-2015:0837", "cpe": "cpe:/a:redhat:openstack:5::el7", "package": "openstack-glance-0:2014.1.4-1.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7", "release_date": "2015-04-16T00:00:00Z"}, {"advisory": "RHSA-2015:0644", "cpe": "cpe:/a:redhat:openstack:6::el7", "package": "openstack-glance-0:2014.2.2-1.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7", "release_date": "2015-03-05T00:00:00Z"}, {"advisory": "RHSA-2015:0644", "cpe": "cpe:/a:redhat:openstack:6::el7", "package": "python-glanceclient-1:0.14.2-2.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7", "release_date": "2015-03-05T00:00:00Z"}], "bugzilla": {"description": "openstack-glance: user storage quota bypass", "id": "1183647", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183647"}, "csaw": false, "cvss": {"cvss_base_score": "2.1", "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:N/I:N/A:P", "status": "verified"}, "cwe": "CWE-841->CWE-400", "details": ["OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.", "A storage quota bypass flaw was found in OpenStack Image (glance). If an image was deleted while it was being uploaded, it would not count towards a user's quota. A malicious user could use this flaw to deliberately fill the backing store, and cause a denial of service."], "name": "CVE-2014-9623", "package_state": [{"cpe": "cpe:/a:redhat:openstack:4", "fix_state": "Will not fix", "package_name": "openstack-glance", "product_name": "Red Hat OpenStack Platform 4"}], "public_date": "2015-01-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-9623\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9623"], "threat_severity": "Low"}