Comment 12 for bug 1664931
Revision history for this message
| Jeremy Stanley (fungi) wrote Re: nova rebuild ignores all image properties and scheduler filters | #12 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
35a32c5
(Get the code!)
I agree that if these controls are relied on by some deployments as a security measure, then bypass by users does constitute a vulnerability.
In light of the Nova stable/ocata point release which was tagged a few hours after your impact description draft, the affects line should now be...
Affects: >=13.0.0 <=13.1.3, >=14.0.0 <=14.0.4, >=15.0.0 <=15.0.1
The middle sentence of the description is also a little hard for me to follow. How about...
By rebuilding an instance, an authenticated user may be able to
circumvent the Filter Scheduler bypassing imposed filters (for
example, the ImageProperties