Comment 24 for bug 1525915
Revision history for this message
| Tristan Cacqueray (tristan-cacqueray) wrote Re: Normal user can change image status if show_multiple_locations has been set to true | #24 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
Trying to remove location of an image not owned by the user results in
500 Internal Server Error: You are not permitted to modify locations for this image. (HTTP 500)
And considering an active image without location already break the "contract", then this is less of a backward incompatible change and more of a real fix. Though I added a "note" about that behavior change to warn about regression after the patch is applied.
Here is the impact description draft #1:
Title: Glance image status manipulation through locations
Reporter: Erno Kuvaja (HPE)
Products: Glance
Affects: <=2015.1.2, >=11.0.0 <= 11.0.1
Description:
Erno Kuvaja from HPE reported a vulnerability in Glance. By removing the last location of an image, an authenticated user can change the image status to queue. This breaks the immutability promise glance and has similar way as described in OSSA 2015-019 as the image gets transitioned from active to queued and new image data can be uploaded. Only setup with show_multiple_
Pre-OSSA Note:
The proposed fix prevents to remove the last location of an image so that an active image is always available. This action was previously incorrectly allowed.