Essex has:
https://github.com/openstack/glance/blob/7fdccb1ada360b0ba8b69472477c5cedfa45bcda/glance/api/v1/images.py#L710
So unless req.context.read_only is set on non-admin requests, I guess it's vulnerable, please confirm.
Diablo has:
https://github.com/openstack/glance/blob/5b26c53c8e5143de37e270146d4ea9755c5c3f32/glance/api/v1/images.py#L598
which is very similar to Essex, so if Essex is vulnerable, Diablo will be.
Looks like a workaround for Folsom (apart from setting all images to protected) would be to refuse v1 API (enable_v1_api = False) as this seems to be v1-specific?