@Stuart, Thanks for the comments!
It is appropriate to mention you as a reporter, you are right, my bad!
Here is impact description draft #2:
Title: Glance store DoS through disk space exhaustion
Reporter: Thomas Leaman (HP), Stuart McLaren (HP)
Products: Glance
Versions: up to 2013.2.3 and 2014.1 to 2014.1.1
Description:
Thomas Leaman and Stuart McLaren from Hewlett Packard reported a vulnerability in Glance. By uploading a large enough image to a Glance store, an authenticated user may fill the store space because the image_size_cap configuration is not honored. This may prevent further image upload and/or cause service disruption. Note that the import method is not affected. All Glance setups using API v2 are affected.
@Grant, Thanks for the typo :)
@Stuart, Thanks for the comments!
It is appropriate to mention you as a reporter, you are right, my bad!
Here is impact description draft #2:
Title: Glance store DoS through disk space exhaustion
Reporter: Thomas Leaman (HP), Stuart McLaren (HP)
Products: Glance
Versions: up to 2013.2.3 and 2014.1 to 2014.1.1
Description:
Thomas Leaman and Stuart McLaren from Hewlett Packard reported a vulnerability in Glance. By uploading a large enough image to a Glance store, an authenticated user may fill the store space because the image_size_cap configuration is not honored. This may prevent further image upload and/or cause service disruption. Note that the import method is not affected. All Glance setups using API v2 are affected.