Comment 11 for bug 1315321

Tristan Cacqueray (tristan-cacqueray) wrote : Re: image_size_cap not checked in v2

@Grant, Thanks for the typo :)

@Stuart, Thanks for the comments!
It is appropriate to mention you as a reporter, you are right, my bad!

Here is impact description draft #2:

Title: Glance store DoS through disk space exhaustion
Reporter: Thomas Leaman (HP), Stuart McLaren (HP)
Products: Glance
Versions: up to 2013.2.3 and 2014.1 to 2014.1.1

Description:
Thomas Leaman and Stuart McLaren from Hewlett Packard reported a vulnerability in Glance. By uploading a large enough image to a Glance store, an authenticated user may fill the store space because the image_size_cap configuration is not honored. This may prevent further image upload and/or cause service disruption. Note that the import method is not affected. All Glance setups using API v2 are affected.
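As an added illustration of the issue described in the draft above (not part of the original comment and not Glance's code or its fix): one way to enforce a size cap such as image_size_cap on a streamed upload is to count bytes as chunks arrive and discard the partial file once the cap is passed. The names `capped_chunks`, `store_image` and `ImageSizeLimitExceeded`, and the 1 MiB cap, are hypothetical.

```python
import io
import os
import tempfile


class ImageSizeLimitExceeded(Exception):
    """Raised when an upload grows past the configured cap (hypothetical name)."""


def capped_chunks(stream, size_cap, chunk_size=64 * 1024):
    """Yield chunks from stream, failing as soon as more than size_cap bytes arrive."""
    total = 0
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            return
        total += len(chunk)
        if total > size_cap:
            # Stop before this chunk is handed to the store.
            raise ImageSizeLimitExceeded(f"upload exceeds cap of {size_cap} bytes")
        yield chunk


def store_image(stream, dest_path, size_cap):
    """Write the upload to dest_path; remove the partial file if the cap is hit."""
    written = 0
    try:
        with open(dest_path, "wb") as out:
            for chunk in capped_chunks(stream, size_cap):
                out.write(chunk)
                written += len(chunk)
    except ImageSizeLimitExceeded:
        os.remove(dest_path)  # do not leave partial data consuming store space
        raise
    return written


def demo():
    """Run one upload at the cap and one a byte over it (constructed inputs)."""
    cap = 1024 * 1024  # constructed 1 MiB cap standing in for image_size_cap
    with tempfile.TemporaryDirectory() as store:
        ok_path = os.path.join(store, "ok.img")
        big_path = os.path.join(store, "big.img")
        size = store_image(io.BytesIO(b"\0" * cap), ok_path, cap)
        try:
            store_image(io.BytesIO(b"\0" * (cap + 1)), big_path, cap)
            rejected = False
        except ImageSizeLimitExceeded:
            rejected = True
        return size, rejected, os.path.exists(big_path)


if __name__ == "__main__":
    print(demo())
```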