I did not verify this functionally, but by looking at the code this vulnerability appears to affect Diablo (2011.3.1) and Cactus as well (not Bexar). Here is a proposed impact statement:
By creating an image in Glance by URL that references a mis-configured Swift endpoint, or if the Swift endpoint that a previously-ACTIVE image references for any reason becomes unusable, any user may gain the Glance operator's Swift credentials for that endpoint. Only setups that use the single-tenant Swift store are affected.
I did not verify this functionally, but by looking at the code this vulnerability appears to affect Diablo (2011.3.1) and Cactus as well (not Bexar). Here is a proposed impact statement:
By creating an image in Glance by URL that references a mis-configured Swift endpoint, or if the Swift endpoint that a previously-ACTIVE image references for any reason becomes unusable, any user may gain the Glance operator's Swift credentials for that endpoint. Only setups that use the single-tenant Swift store are affected.