[OSSA 2015-004] Image data remains in backend after deleting the image created using task api (import-from) (CVE-2015-1881)
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Glance | Fix Released | Critical | Abhishek Kekane | |
Icehouse | Invalid | Undecided | Unassigned | |
Juno | Fix Released | Critical | Abhishek Kekane | |
OpenStack Security Advisory | Fix Released | High | Tristan Cacqueray | |
Bug Description
When deleting an image created using the task API (import-from), the image gets deleted from the database, but the image data remains in the backend.
Steps to reproduce:
1. Create image using task api
$ curl -i -X POST -H 'User-Agent: python-
2. Wait until the image becomes active.
3. Confirm image is in active state.
$ glance image-list
4. Delete the image
$ glance image-delete <image-id>
5. Verify image-list does not show deleted image
$ glance image-list
The image gets deleted from the database, but the image data is still present in the backend.
Problem:
The import task does not update the location of the image, and it remains None even after the image becomes active.
No location entry is added to the image_locations table in the database.
While deleting the image, it checks whether a location is present for the image [1][2], and only then deletes the image data from that location.
[1] v1: https:/
[2] v2: https:/
This issue is reproducible in stable/juno as well as in current master.
Note: You need to replace auth_token in the above curl command; otherwise it will raise an authentication failure error.
(Use the 'keystone token-get' command to generate a new token.)
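A reconciliation check for the state described in this report, as an added example that is not part of the original report or Glance's own code. It models the delete path on a simplified, assumed two-table schema and a filesystem store where each file is named by its image ID (all sample data is constructed), then lists active images with no location row and store files that no live location references.

```python
import os
import sqlite3
import tempfile

SCHEMA = """-- Simplified, assumed schema (not Glance's full one): only the columns used here.
CREATE TABLE images (id TEXT PRIMARY KEY, status TEXT, deleted INTEGER DEFAULT 0);
CREATE TABLE image_locations (image_id TEXT, value TEXT, deleted INTEGER DEFAULT 0);
"""

def build_sample(store_dir):
    """Constructed sample: one image with a location row, one imported without."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    for image_id in ("img-normal", "img-imported"):
        with open(os.path.join(store_dir, image_id), "wb") as fh:
            fh.write(b"constructed image bytes")
        db.execute("INSERT INTO images (id, status) VALUES (?, 'active')", (image_id,))
    db.execute("INSERT INTO image_locations (image_id, value) VALUES (?, ?)",
               ("img-normal", "file://" + os.path.join(store_dir, "img-normal")))
    return db

def delete_image(db, store_dir, image_id):
    """Model of the delete path in the report: data is removed only at recorded locations."""
    query = "SELECT value FROM image_locations WHERE image_id = ? AND deleted = 0"
    for (value,) in db.execute(query, (image_id,)).fetchall():
        os.remove(os.path.join(store_dir, os.path.basename(value)))
    db.execute("UPDATE image_locations SET deleted = 1 WHERE image_id = ?", (image_id,))
    db.execute("UPDATE images SET deleted = 1, status = 'deleted' WHERE id = ?", (image_id,))

def find_active_without_location(db):
    """Active images with no location row: the precondition the report describes."""
    rows = db.execute(
        "SELECT id FROM images WHERE status = 'active' AND deleted = 0 AND id NOT IN "
        "(SELECT image_id FROM image_locations WHERE deleted = 0) ORDER BY id")
    return [image_id for (image_id,) in rows]

def find_orphans(db, store_dir):
    """Files in the store that no live image_locations row points at."""
    rows = db.execute(
        "SELECT l.value FROM image_locations l JOIN images i ON i.id = l.image_id "
        "WHERE l.deleted = 0 AND i.deleted = 0")
    referenced = {os.path.basename(value) for (value,) in rows}
    return sorted(set(os.listdir(store_dir)) - referenced)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as store:
        db = build_sample(store)
        print("active, no location:", find_active_without_location(db))
        delete_image(db, store, "img-imported")
        print("left in store after delete:", find_orphans(db, store))
```

Running the first query before any delete flags images whose data would be left behind; running the second afterwards finds data that already was.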
Changed in glance: | |
assignee: | nobody → Abhishek Kekane (abhishek-kekane) |
description: | updated |
tags: | added: juno-backport-potential |
Changed in ossa: | |
status: | Incomplete → Confirmed |
assignee: | nobody → Tristan Cacqueray (tristan-cacqueray) |
importance: | Undecided → High |
summary: |
Image data remains in backend after deleting the image created using
- task api (import-from)
+ task api (import-from) (CVE-2015-1881) |
Changed in glance: | |
status: | In Progress → Fix Committed |
Changed in ossa: | |
status: | Triaged → In Progress |
summary: |
- Image data remains in backend after deleting the image created using
- task api (import-from) (CVE-2015-1881)
+ [OSSA 2015-004] Image data remains in backend after deleting the image
+ created using task api (import-from) (CVE-2015-1881) |
Changed in ossa: | |
status: | In Progress → Fix Released |
Changed in glance: | |
status: | Fix Committed → Fix Released |
description: | updated |
Changed in glance: | |
milestone: | kilo-3 → 2015.1.0 |
Since this report concerns a possible security risk, an incomplete security advisory task has been added while the core security reviewers for the affected project or projects confirm the bug and discuss the scope of any vulnerability along with potential solutions.