The OpenStack Vulnerability Management Team reports:
Title: Nova VMWare driver leaks rescued images
Reporter: Jaroslav Henner (Red Hat)
Versions: 2013.2 to 2013.2.2
Jaroslav Henner from Red Hat reported a vulnerability in Nova. By
requesting Nova place an image into rescue, then deleting
the image, an authenticated user my exceed their quota. This can
result in a denial of service via excessive resource consumption. Only
setups using the Nova VMWare driver are affected.
This issue was discovered by Jaroslav Henner of Red Hat.
*** Bug 1068698 has been marked as a duplicate of this bug. ***
A denial of service flaw was found in the nova VMware driver. An authenticated user could exceed their quota by placing an image into rescue and then deleting it, causing the rescue image to be left behind. Note that only setups using the nova VMware driver were affected.