Vulnerability Details CVE-2015-3289
OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated users to cause a denial of service (disk consumption) by repeatedly using the import task flow API to create images and then deleting them.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.4%
CVSS Severity
CVSS v2 Score 4.0
References
- http://lists.openstack.org/pipermail/openstack-announce/2015-July/000481.html
- http://www.securityfocus.com/bid/76068
- https://bugs.launchpad.net/glance/+bug/1454087
- http://lists.openstack.org/pipermail/openstack-announce/2015-July/000481.html
- http://www.securityfocus.com/bid/76068
- https://bugs.launchpad.net/glance/+bug/1454087
Products affected by CVE-2015-3289
-
cpe:2.3:a:openstack:glance:0.1.7
-
cpe:2.3:a:openstack:glance:1.0
-
cpe:2.3:a:openstack:glance:11.0.0
-
cpe:2.3:a:openstack:glance:11.0.1
-
cpe:2.3:a:openstack:glance:11.0.2
-
cpe:2.3:a:openstack:glance:12.0.0
-
cpe:2.3:a:openstack:glance:13.0.0
-
cpe:2.3:a:openstack:glance:14.0.0
-
cpe:2.3:a:openstack:glance:14.0.1
-
cpe:2.3:a:openstack:glance:15.0.0
-
cpe:2.3:a:openstack:glance:15.0.1
-
cpe:2.3:a:openstack:glance:15.0.2
-
cpe:2.3:a:openstack:glance:16.0.0
-
cpe:2.3:a:openstack:glance:16.0.1
-
cpe:2.3:a:openstack:glance:17.0.0
-
cpe:2.3:a:openstack:glance:18.0.0
-
cpe:2.3:a:openstack:glance:19.0.0
-
cpe:2.3:a:openstack:glance:19.0.1
-
cpe:2.3:a:openstack:glance:19.0.2
-
cpe:2.3:a:openstack:glance:19.0.3
-
cpe:2.3:a:openstack:glance:19.0.4
-
cpe:2.3:a:openstack:glance:2.0
-
cpe:2.3:a:openstack:glance:20.0.0
-
cpe:2.3:a:openstack:glance:20.0.0.0
-
cpe:2.3:a:openstack:glance:20.0.1
-
cpe:2.3:a:openstack:glance:20.1.0
-
cpe:2.3:a:openstack:glance:2011.2
-
cpe:2.3:a:openstack:glance:2011.3
-
cpe:2.3:a:openstack:glance:2011.3.1
-
cpe:2.3:a:openstack:glance:2012.1
-
cpe:2.3:a:openstack:glance:2012.1.1
-
cpe:2.3:a:openstack:glance:2012.1.2
-
cpe:2.3:a:openstack:glance:2012.2
-
cpe:2.3:a:openstack:glance:2012.2.1
-
cpe:2.3:a:openstack:glance:2012.2.2
-
cpe:2.3:a:openstack:glance:2012.2.3
-
cpe:2.3:a:openstack:glance:2012.2.4
-
cpe:2.3:a:openstack:glance:2013.1
-
cpe:2.3:a:openstack:glance:2013.1.1
-
cpe:2.3:a:openstack:glance:2013.1.2
-
cpe:2.3:a:openstack:glance:2013.1.3
-
cpe:2.3:a:openstack:glance:2013.1.4
-
cpe:2.3:a:openstack:glance:2013.1.5
-
cpe:2.3:a:openstack:glance:2013.2
-
cpe:2.3:a:openstack:glance:2013.2.1
-
cpe:2.3:a:openstack:glance:2013.2.2
-
cpe:2.3:a:openstack:glance:2013.2.3
-
cpe:2.3:a:openstack:glance:2013.2.4
-
cpe:2.3:a:openstack:glance:2014.1
-
cpe:2.3:a:openstack:glance:2014.1.1
-
cpe:2.3:a:openstack:glance:2014.1.2
-
cpe:2.3:a:openstack:glance:2014.1.3
-
cpe:2.3:a:openstack:glance:2014.1.4
-
cpe:2.3:a:openstack:glance:2014.1.5
-
cpe:2.3:a:openstack:glance:2014.2
-
cpe:2.3:a:openstack:glance:2014.2.1
-
cpe:2.3:a:openstack:glance:2014.2.2
-
cpe:2.3:a:openstack:glance:2014.2.3
-
cpe:2.3:a:openstack:glance:2014.2.4
-
cpe:2.3:a:openstack:glance:2015.1.0
-
cpe:2.3:a:openstack:glance:21.0.0
-
cpe:2.3:a:openstack:glance:21.0.0.0
-
cpe:2.3:a:openstack:glance:22.0.0
-
cpe:2.3:a:openstack:glance:22.0.0.0
-
cpe:2.3:a:openstack:glance:22.1.0
-
cpe:2.3:a:openstack:glance:23.0.0
-
cpe:2.3:a:openstack:glance:23.0.0.0
-
cpe:2.3:a:openstack:glance:24.0.0
-
cpe:2.3:a:openstack:glance:24.0.0.0
-
cpe:2.3:a:openstack:glance:24.1.0
-
cpe:2.3:a:openstack:glance:24.1.1
-
cpe:2.3:a:openstack:glance:24.2.0
-
cpe:2.3:a:openstack:glance:25.0.0
-
cpe:2.3:a:openstack:glance:25.0.0.0
-
cpe:2.3:a:openstack:glance:25.1.0
-
cpe:2.3:a:openstack:glance:26.0.0.0
-
cpe:2.3:a:openstack:glance:26.0.1
-
cpe:2.3:a:openstack:glance:27.0.0
-
cpe:2.3:a:openstack:glance:28.0.0
-
cpe:2.3:a:openstack:glance:28.0.2