OpenStack Image Registry and Delivery Service (Glance)

Location information still showing in calls to HEAD|GET /images/<ID>

Reported by Jay Pipes on 2011-09-27
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Glance
High
Jay Pipes
Diablo
Undecided
Unassigned

Bug Description

X-Image-Meta-Location header is still leaking security creds for the show() and meta() methods of the images controller!

Jay Pipes (jaypipes) on 2011-10-13
Changed in glance:
status: In Progress → Fix Committed
Jay Pipes (jaypipes) on 2012-01-01
Changed in glance:
status: Fix Committed → Fix Released
Jay Pipes (jaypipes) on 2012-01-11
security vulnerability: yes → no
visibility: private → public
Thierry Carrez (ttx) on 2012-01-12
security vulnerability: no → yes
Thierry Carrez (ttx) on 2012-04-05
Changed in glance:
milestone: essex-1 → 2012.1
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers