| Summary: | app-admin/glance: image creation in other tenant accounts (CVE-2013-4354) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED CANTFIX | | |
| Severity: | trivial | | |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4354 | | |
| Whiteboard: | ~4 [upstream] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2013-09-21 07:28:31 UTC
Upstream is not going to fix this.
https://bugs.launchpad.net/glance/+bug/1226078

see this link for more discussion https://bugs.launchpad.net/ossn/+bug/1226078

CVE-2013-4354 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4354): The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image.

unccing since no fix will be provided upstream