CVE-2014-9623: OpenStack Glance Bypass the storage quota and Denial of service
CVSS Score: 4
Basic Information
CVE ID
GHSA ID
EPSS Score: 0.76063%
CWE: -
Published: 5/17/2022
Updated: 5/14/2024
KEV Status: No
Technology: Python
Technical Details
CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
glance | pip | < 11.0.0a0 | 11.0.0a0 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stemmed from improper state handling in save/update operations. Key functions in the DB layer (image_update), the API proxies (ImageRepoProxy.save), and the upload handlers lacked 'from_state' checks, which allowed a quota bypass when an image was deleted while in the 'saving' state. The patch added state-aware saving and conflict handling, confirming these were the vulnerable points.
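
The following is an added example, not Glance's code: a simplified in-memory model of the state-aware save described above, showing why an unconditional save leaves uploaded data outside the quota and how a 'from_state' check turns that into a conflict. Only the names image_update and from_state come from this page; ImageDB, upload, run, the quota rule and the cleanup-on-conflict step are assumptions made for illustration.

```python
class Conflict(Exception):
    """The image left the state the caller expected it to be in."""

class ImageDB:
    """Toy stand-in for the DB layer and backend store (constructed model)."""

    def __init__(self):
        self.rows = {}   # image_id -> {"status", "size", "deleted"}
        self.store = {}  # image_id -> bytes held by the storage backend

    def image_create(self, image_id):
        self.rows[image_id] = {"status": "saving", "size": 0, "deleted": False}

    def image_delete(self, image_id):
        self.rows[image_id].update(status="deleted", deleted=True)

    def image_update(self, image_id, values, from_state=None):
        row = self.rows[image_id]
        # State-aware save: refuse the write if the status moved underneath us.
        if from_state is not None and row["status"] != from_state:
            raise Conflict(f"{image_id}: {row['status']!r} != {from_state!r}")
        row.update(values)

    def quota_used(self):
        # Assumption: only non-deleted images count toward the quota.
        return sum(r["size"] for r in self.rows.values() if not r["deleted"])

    def uncounted_bytes(self):
        # Data still on disk for images the quota no longer sees.
        return sum(len(b) for i, b in self.store.items() if self.rows[i]["deleted"])

def upload(db, image_id, data, state_aware, delete_midway=False):
    db.image_create(image_id)
    db.store[image_id] = data              # bytes land in the backend
    if delete_midway:
        db.image_delete(image_id)          # owner deletes while 'saving'
    done = {"status": "active", "size": len(data)}
    try:
        db.image_update(image_id, done, from_state="saving" if state_aware else None)
    except Conflict:
        db.store.pop(image_id, None)       # conflict handling: drop the data
        return "conflict"
    return "saved"

def run(state_aware):
    db = ImageDB()
    result = upload(db, "img-1", b"x" * 1024, state_aware, delete_midway=True)
    return result, db.quota_used(), db.uncounted_bytes()
```

Calling run(False) models the save without the check and run(True) the state-aware save; the third element of the result is the disk usage the quota cannot see.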