Comment 9 for bug 1420696
Revision history for this message
| Tristan Cacqueray (tristan-cacqueray) wrote Re: Image data remains in backend after deleting the image created using task api (import-from) | #9 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
Assuming the task api is always presents and this affects Icehouse, here is impact description draft:
Title: Glance import task leaks image in backend
Reporter: Abhishek Kekane (NTT)
Products: Glance
Versions: up to 2014.1.3 and 2014.2 versions up to 2014.2.2
Description:
Abhishek Kekane from NTT reported a vulnerability in the Glance import task. By creating numerous images using the task API and deleting them, an authenticated attacker may leaks images data in the backend resulting in potential resources exhaustion and denial of service. All glance setups are affected.