Comment 25 for bug 1065187

Brian Waldon (bcwaldon) wrote : Re: Non-admin users can cause public glance images to be deleted from the backend storage repository

I confirmed that this does affect Essex. An authenticated user can force a delete to be scheduled for an image he does not own if it is public or has been explicitly shared with him. The vulnerability does not apply in the case that delayed_delete is disabled.