Comment 9 for bug 1420696

Revision history for this message
Tristan Cacqueray (tristan-cacqueray) wrote : Re: Image data remains in backend after deleting the image created using task api (import-from)

Assuming the task api is always presents and this affects Icehouse, here is impact description draft:

Title: Glance import task leaks image in backend
Reporter: Abhishek Kekane (NTT)
Products: Glance
Versions: up to 2014.1.3 and 2014.2 versions up to 2014.2.2

Description:
Abhishek Kekane from NTT reported a vulnerability in the Glance import task. By creating numerous images using the task API and deleting them, an authenticated attacker may leaks images data in the backend resulting in potential resources exhaustion and denial of service. All glance setups are affected.