Lets say, cloud has workflow for 3rd party images where the image gets uploaded by 3rd party, validated and marked public by cloud admin. With this bug the 3rd party can replace the image (and it's checksum) after it has been made public providing for example malicious payload breaking the immutability promise glance has. This would need V1 & V2 APIs.
The other possibility is that private/shared/public image gets flagged malicious and disabled for further analysis. Tenant can move it back from being disabled to active and allow booting from it again. Only V1 API is needed for such actions.
Lets say, cloud has workflow for 3rd party images where the image gets uploaded by 3rd party, validated and marked public by cloud admin. With this bug the 3rd party can replace the image (and it's checksum) after it has been made public providing for example malicious payload breaking the immutability promise glance has. This would need V1 & V2 APIs.
The other possibility is that private/ shared/ public image gets flagged malicious and disabled for further analysis. Tenant can move it back from being disabled to active and allow booting from it again. Only V1 API is needed for such actions.