QwikSec

Security Database

CVE

CWE

Training

CVE-2016-8611

Published: Jul 31, 2018

Modified: Aug 6, 2024

PUBLISHED

CVSS v3.0

4.3

MEDIUM

Description

A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation.

Vendor	Product	Versions
The Openstack Foundation	openstack-glance	affected `v1 and v2`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8611

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

vdb-entry

x_refsource_BID

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05333384

x_refsource_CONFIRM

[oss-security] 20161027 [OSSN-0076] Glance Image service v1 and v2 api image-create vulnerability

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.