Comment 9 for bug 1522524

Grant Murphy (gmurphy) wrote :

First draft of impact description -

Title: Lack of ACL on deactivated image deletion request
Reporter: Niall Bunting (HPE)
Products: Glance
Affects: >=2015.1.0

Description:
Niall Bunting of Hewlett Packard Enterprise (HPE) reported a
vulnerability in Glance. Due to a failure to properly restrict
access controls, a user may delete images that have been deactivated
by an administrator. A tenant may abuse this flaw to hide malicious
activities from an administrator. All Glance deployments are affected.