** Summary changed:
- Non-admin users can cause public glance images to be deleted from the backend
storage repository
+ [OSSA-2012-017] Non-admin users can cause public glance images to be deleted
from the backend storage repository
** Also affects: ossa
Importance: Undecided
Status: New
** Changed in: ossa
Status: New => Fix Released
** Changed in: ossa
Assignee: (unassigned) => Russell Bryant (russellb)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1065187
Title:
[OSSA-2012-017] Non-admin users can cause public glance images to be
deleted
Status in OpenStack Image Registry and Delivery Service (Glance):
Fix Released
Status in Glance essex series:
Fix Committed
Status in Glance folsom series:
Fix Released
Status in Glance grizzly series:
Fix Released
Status in OpenStack Security Advisories:
Fix Released
Status in “glance” package in Ubuntu:
Fix Released
Status in “glance” source package in Quantal:
Fix Released
Bug description:
Given a public, non-protected image, a non-admin user can issue a
delete against that image which may delete the image from the backend
storage repository. The client will get a 403 unauthorized response,
but the backend delete method is called prior to checking for those
permissions on the glance registry.
To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1065187/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
