Comment 24 for bug 1166670

Henry Nash (henry-nash) wrote : Re: Deleted user can still create instances

+1 on the patch.

As an aside, we have this covered for the v3 API; it is just the v2 API that has the issue (i.e. the controller code that responds to the v3 delete user call already has the call to invalidate the tokens). So people calling the v3 API are not subject to this vulnerability.