Given a tenant can't actually alter images which aren't under their control, what are the exploit scenarios for this vulnerability? Simply reenabling images of theirs which the admin has disabled, or substituting a malicious replacement image after conclusion of an audit validating the image being surreptitiously replaced?
Given a tenant can't actually alter images which aren't under their control, what are the exploit scenarios for this vulnerability? Simply reenabling images of theirs which the admin has disabled, or substituting a malicious replacement image after conclusion of an audit validating the image being surreptitiously replaced?