{
  "threat_severity" : "Low",
  "public_date" : "2015-01-16T00:00:00Z",
  "bugzilla" : {
    "description" : "openstack-glance: user storage quota bypass",
    "id" : "1183647",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1183647"
  },
  "cvss" : {
    "cvss_base_score" : "2.1",
    "cvss_scoring_vector" : "AV:N/AC:H/Au:S/C:N/I:N/A:P",
    "status" : "verified"
  },
  "cwe" : "CWE-841->CWE-400",
  "details" : [ "OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.", "A storage quota bypass flaw was found in OpenStack Image (glance). If an image was deleted while it was being uploaded, it would not count towards a user's quota. A malicious user could use this flaw to deliberately fill the backing store, and cause a denial of service." ],
  "acknowledgement" : "Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Tushar Patil (NTT) as the original reporter.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
    "release_date" : "2015-04-16T00:00:00Z",
    "advisory" : "RHSA-2015:0838",
    "cpe" : "cpe:/a:redhat:openstack:5::el6",
    "package" : "openstack-glance-0:2014.1.4-1.el6ost"
  }, {
    "product_name" : "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
    "release_date" : "2015-04-16T00:00:00Z",
    "advisory" : "RHSA-2015:0837",
    "cpe" : "cpe:/a:redhat:openstack:5::el7",
    "package" : "openstack-glance-0:2014.1.4-1.el7ost"
  }, {
    "product_name" : "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
    "release_date" : "2015-03-05T00:00:00Z",
    "advisory" : "RHSA-2015:0644",
    "cpe" : "cpe:/a:redhat:openstack:6::el7",
    "package" : "openstack-glance-0:2014.2.2-1.el7ost"
  }, {
    "product_name" : "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
    "release_date" : "2015-03-05T00:00:00Z",
    "advisory" : "RHSA-2015:0644",
    "cpe" : "cpe:/a:redhat:openstack:6::el7",
    "package" : "python-glanceclient-1:0.14.2-2.el7ost"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat OpenStack Platform 4",
    "fix_state" : "Will not fix",
    "package_name" : "openstack-glance",
    "cpe" : "cpe:/a:redhat:openstack:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-9623\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9623" ],
  "name" : "CVE-2014-9623",
  "csaw" : false
}