Comment 2 for bug 1482371
Revision history for this message
| Nikhil Komawar (nikhil-komawar) wrote Re: Image status can be changed by passing header 'x-image-meta-status' with PUT operation using v1 | #2 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
This is a valid bug in Glance. It's not very insecure but, if combined with certain features of v2 like deactivation of an image (that's only allowed by admin by default), this change may result into bad image state and potentially give attackers the access to unauthorized image data.
Also, this has a per-condition that the v1 endpoint for Glance needs to be exposed. Not all deployments allow this and is not a standard, recommended practice.