USN-1626-2: Glance vulnerability
9 November 2012
Glance could be made to delete arbitrary images.
- glance - OpenStack Image Registry and Delivery Service
USN-1626-1 fixed vulnerabilities in the v1 API of Glance. This update
provides the corresponding updates for the v2 API.
Original advisory details:
Gabe Westmaas discovered that Glance did not always properly enforce access
controls when deleting images. An authenticated user could delete arbitrary
images by using the v1 API under certain circumstances.
- USN-1626-1: python-glance, glance