Russell: could you backport the fix for Folsom/Grizzly (if they are affected as well)?
Proposed Impact description:
=========================
Title: Resource limit circumvention in Nova private flavors
Reporter: Ken'ichi Ohmichi (NEC)
Products: Nova
Affects: All versions
Description:
Ken'ichi Ohmichi from NEC reported that the fix for OSSA 2013-019 (CVE-2013-2256) was incomplete. Any tenant was still able to boot any other tenant's private flavors by guessing a flavor ID. This potentially allowed circumvention of any resource limits enforced through the os-flavor-access:is_public property.
=========================
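
The access check the description refers to, as an added example that is not Nova's code or the actual patch: a flavor lookup by ID alone beside one that enforces the is_public property and a per-tenant access list on the boot path. All names (`Flavor`, `FLAVORS`, `get_flavor_for_project`, `can_boot`) and the sample data are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flavor:
    flavor_id: str
    vcpus: int
    is_public: bool = True
    # Tenants explicitly granted access to a private flavor (hypothetical model).
    allowed_projects: frozenset = frozenset()


class FlavorNotFound(Exception):
    """Raised for unknown flavors and for private flavors the caller may not use."""


# Constructed sample data: one public flavor, one private flavor granted to tenant-a.
FLAVORS = {
    "1": Flavor("1", vcpus=1),
    "42": Flavor("42", vcpus=64, is_public=False,
                 allowed_projects=frozenset({"tenant-a"})),
}


def get_flavor_unchecked(flavor_id):
    """Lookup by ID alone: whoever supplies the right ID gets the flavor."""
    try:
        return FLAVORS[flavor_id]
    except KeyError:
        raise FlavorNotFound(flavor_id) from None


def get_flavor_for_project(flavor_id, project_id):
    """Lookup that also enforces flavor access for the requesting tenant."""
    flavor = get_flavor_unchecked(flavor_id)
    if flavor.is_public or project_id in flavor.allowed_projects:
        return flavor
    # Same error as a missing flavor, so the response does not confirm the ID exists.
    raise FlavorNotFound(flavor_id)


def can_boot(flavor_id, project_id):
    """True only if the tenant is allowed to boot an instance with this flavor."""
    try:
        get_flavor_for_project(flavor_id, project_id)
        return True
    except FlavorNotFound:
        return False
```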