CVE-2015-5286: OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service
CVSS Score: 6.8
Basic Information
CVE ID: CVE-2015-5286
GHSA ID:
EPSS Score: 0.62507%
CWE:
Published: 5/17/2022
Updated: 2/13/2023
KEV Status: No
Technology: Python
Technical Details
CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| glance | pip | < 2014.2.4 | 2014.2.4 |
| glance | pip | >= 2015.1.0, < 2015.1.2 | 2015.1.2 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability manifests when a token expires during an image upload or deletion and the operation aborts, leaving orphaned data in the storage backend that is not counted against the user's quota. The patches add exception handling for authentication failures in two critical paths:
- upload_utils._safe_kill() handles image status transitions and cleanup
- ImportTask._import_image() manages background import operations

By adding explicit handling of Unauthorized/NotAuthenticated exceptions in these functions, the patches show that these were the points where token expiration could lead to quota bypass. These functions would appear in stack traces during exploitation, since they handle the image state changes and the storage interactions.
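The failure mode described above, as an added illustration that is not Glance's code and does not reproduce the actual patch: an in-memory store and registry are constructed so that the registry call (the step that validates the token) fails after the bytes have already been written to the backend. The unhandled path leaves those bytes orphaned and uncounted; the hardened path catches the authentication exception in the cleanup step and removes the stored data before re-raising. All names (`FakeStore`, `FakeRegistry`, `ExpiredTokenError`, `upload_*`) are hypothetical, and the assumption that the backend delete does not itself need the expired user token is a simplification for the example.

```python
class ExpiredTokenError(Exception):
    """Stand-in for the Unauthorized / NotAuthenticated exceptions the analysis names."""


class FakeStore:
    """Constructed in-memory storage backend. Bytes land here before the
    registry row that would account for them is written."""

    def __init__(self):
        self.objects = {}

    def add(self, image_id, data):
        self.objects[image_id] = data

    def delete(self, image_id):
        self.objects.pop(image_id, None)

    def used_bytes(self):
        return sum(len(d) for d in self.objects.values())


class FakeRegistry:
    """Constructed image registry. Only 'active' records count toward quota,
    and every call validates the caller's token."""

    def __init__(self, token_valid=True):
        self.images = {}
        self.token_valid = token_valid

    def set_status(self, image_id, status, size):
        if not self.token_valid:
            # Token expired while the upload was in flight: the data is already
            # in the store, but no record will ever own it.
            raise ExpiredTokenError("token expired during upload")
        self.images[image_id] = {"status": status, "size": size}

    def quota_counted_bytes(self):
        return sum(i["size"] for i in self.images.values() if i["status"] == "active")


def upload_unhandled(store, registry, image_id, data):
    """Vulnerable shape: an auth failure after the store write propagates
    without any cleanup, so the bytes stay in the backend uncounted."""
    store.add(image_id, data)
    registry.set_status(image_id, "active", len(data))


def upload_hardened(store, registry, image_id, data):
    """Hardened shape: the cleanup path explicitly handles the auth failure,
    removes the orphaned data, then re-raises so the caller still sees the error."""
    store.add(image_id, data)
    try:
        registry.set_status(image_id, "active", len(data))
    except ExpiredTokenError:
        store.delete(image_id)  # assumption: backend delete needs no user token
        raise


def orphaned_bytes(store, registry):
    """Bytes held by the backend that no quota-counted image record owns."""
    return store.used_bytes() - registry.quota_counted_bytes()


def run_upload(hardened, token_valid=False, size=1024):
    """Drive one upload and report how many bytes escaped quota accounting."""
    store = FakeStore()
    registry = FakeRegistry(token_valid=token_valid)
    upload = upload_hardened if hardened else upload_unhandled
    try:
        upload(store, registry, "img-1", b"x" * size)
    except ExpiredTokenError:
        pass  # the request fails either way; what differs is what is left behind
    return orphaned_bytes(store, registry)


if __name__ == "__main__":
    print("unhandled, expired token -> orphaned bytes:", run_upload(hardened=False))
    print("hardened,  expired token -> orphaned bytes:", run_upload(hardened=True))
    print("hardened,  valid token   -> orphaned bytes:", run_upload(hardened=True, token_valid=True))
```

A monitoring check for this class of bug follows the same arithmetic as `orphaned_bytes()`: periodically compare bytes present in the backend against the sizes recorded for active images, and alert on a persistent gap that only grows.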