[Glance] Glance user storage quota bypass #2
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Mirantis OpenStack | Fix Released | Critical | Mike Fedosin | |
| 5.1.x | Fix Released | Critical | Alexey Khivin | |
| 6.0.x | Fix Released | Critical | Alexey Khivin | |
| 6.1.x | Fix Released | Critical | Alexey Khivin | |
| 7.0.x | Fix Released | Critical | Mike Fedosin | |
| 8.0.x | Fix Released | Critical | Mike Fedosin | |
Bug Description
Based on https:/
Affected:
All versions of the Glance v1 API and of the v2 API with registry. Only Glance setups configured with user_storage_quota are affected.
Steps to reproduce:
1) Log in to the controller node via ssh.
2) Change the token expiration time in 'keystone.conf' from 3600 seconds to 120.
3) Set 'user_storage_quota = 603979780' in 'glance-api.conf'.
4) Run one of the attached scripts (depending on the API version in use).
5) After the token expiration time has elapsed, get the list of images from Glance and from the storage backend, and compare them.
Expected result:
The image lists returned by Glance and by the storage backend service must be identical.
Actual result:
Glance returns an empty list, while the storage backend shows that it holds some elements.
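Step 5 compares Glance's image list with what the backend actually holds. The reconciliation check below is an added example, not part of this bug report or of Glance: given inputs already fetched from both sides, it flags backend objects that Glance does not list (data that user_storage_quota accounting never sees) and recomputes per-owner usage against the quota value from the steps above. It assumes a filesystem-style store whose objects are named by image id, and the sample data is constructed.

```python
from dataclasses import dataclass

# Quota value taken from the reproduction steps in this report (bytes).
USER_STORAGE_QUOTA = 603979780

@dataclass(frozen=True)
class GlanceImage:
    image_id: str
    owner: str
    size: int

def reconcile(glance_images, backend_objects, quota=USER_STORAGE_QUOTA):
    """glance_images: GlanceImage records from the image list API.
    backend_objects: {object_name: bytes} listed from the store; assumed
    here (hypothetically) to be named by image id, as a filesystem store is.
    Returns backend objects Glance does not list (orphans), per-owner usage
    as the quota code sees it, and the totals on both sides."""
    listed = {img.image_id for img in glance_images}
    orphans = {name: size for name, size in backend_objects.items()
               if name not in listed}
    usage = {}
    for img in glance_images:
        usage[img.owner] = usage.get(img.owner, 0) + img.size
    return {
        "orphan_ids": sorted(orphans),
        "orphan_bytes": sum(orphans.values()),
        "usage_by_owner": usage,
        "over_quota": sorted(o for o, used in usage.items() if used > quota),
        "glance_total": sum(img.size for img in glance_images),
        "backend_total": sum(backend_objects.values()),
    }

def has_discrepancy(result):
    """True when the backend holds data the quota accounting cannot see."""
    return result["orphan_bytes"] > 0 or \
        result["backend_total"] != result["glance_total"]

# Constructed sample: Glance lists one image, but the backend holds two
# more objects that were uploaded and never registered. Quota accounting
# sees 300 MB for tenant-a while the backend really stores 1.1 GB.
SAMPLE_GLANCE = [GlanceImage("img-0001", "tenant-a", 300_000_000)]
SAMPLE_BACKEND = {"img-0001": 300_000_000, "img-0002": 400_000_000,
                  "img-0003": 400_000_000}

if __name__ == "__main__":
    res = reconcile(SAMPLE_GLANCE, SAMPLE_BACKEND)
    print("orphans:", res["orphan_ids"], "unaccounted bytes:", res["orphan_bytes"])
    print("discrepancy:", has_discrepancy(res))
```

On a real deployment the two inputs would come from the image list API and from a directory or container listing of the store; any non-empty orphan set is the condition this report describes.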
description: updated
Changed in mos: status: New → In Progress
summary: [pre-SSA] Glance user storage quota bypass #2 → [pre-OSSA] Glance user storage quota bypass #2
Changed in mos: status: In Progress → Fix Committed
summary: [pre-OSSA] Glance user storage quota bypass #2 → Glance user storage quota bypass #2
summary: Glance user storage quota bypass #2 → [Glance] Glance user storage quota bypass #2
information type: Private Security → Public Security
Changed in mos: status: Fix Committed → Fix Released
tags: added: on-automation
tags: added: feature-security
Fix for MOS 7.0 on review: https://review.fuel-infra.org/#/c/11914/