Comment 28 for bug 1065187

Thierry Carrez (ttx) wrote : Re: Non-admin users can cause public glance images to be deleted from the backend storage repository

Proposed description:

Title: Authentication bypass for image deletion
Reporter: Gabe Westmaas (Rackspace)
Products: Glance
Affects: Essex, Folsom, Grizzly

Description:
Gabe Westmaas from Rackspace reported a vulnerability in Glance authentication of image deletion requests. Authenticated users may be able to delete arbitrary, non-protected images from Glance servers. Only setups using delayed deletes and enabling the Glance v1 API are affected.