Comment 24 for bug 1482371

Jeremy Stanley (fungi) wrote : Re: Image status can be changed by passing header 'x-image-meta-status' with PUT operation using v1

Given a tenant can't actually alter images which aren't under their control, what are the exploit scenarios for this vulnerability? Simply reenabling images of theirs which the admin has disabled, or substituting a malicious replacement image after conclusion of an audit validating the image being surreptitiously replaced?