Comment 6 for bug 1010547
Revision history for this message
| Thierry Carrez (ttx) wrote Re: Admin rights escalate to other tenants (was: glance allows to delete arbitrary images) | #6 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
Brian, Joe: so you both agree this is not a vulnerability, but by (admittedly weak) design ? And that it should definitely be strengthened in future revisions of the API ?
If yes, I'd suggest that we open this bug as a known and wanted security improvement, rather than keep it embargoed as an exploitable vulnerability.
Alessio: would that work for you ?