[OSSA-2015-002] Glance still allows users to download and delete any file in glance-api server (CVE-2015-1195)
Bug #1514467 reported by
Denis Puchkin
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mirantis OpenStack |
Invalid
|
Undecided
|
Unassigned | ||
5.1.x |
Fix Released
|
Critical
|
Denis Puchkin | ||
6.0.x |
Fix Released
|
Critical
|
Denis Puchkin |
Bug Description
Jin Liu reported that OSSA-2014-041 (CVE-2014-9493) only fixed the vulnerability for swift: and file: URI, but overlooked filesystem: URIs.
Please see bug 1400966 for historical reference.
Upstream bug: https:/
Changed in mos: | |
milestone: | none → 8.0 |
status: | New → Invalid |
To post a comment you must log in.
Change abandoned by Denis Puchkin <email address hidden> on branch: openstack- ci/fuel- 6.0-updates/ 2014.2 /review. fuel-infra. org/13090
Review: https:/