** Summary changed: - Images v2 api metadef vulnerability + [OSSN-0088] Images v2 api metadef vulnerability
** Also affects: ossn Importance: Undecided Status: New ** Changed in: ossn Status: New => Fix Released ** Changed in: ossn Importance: Undecided => Critical ** Changed in: ossn Assignee: (unassigned) => Abhishek Kekane (abhishek-kekane) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1545702 Title: [OSSN-0088] Images v2 api metadef vulnerability Status in Glance: Confirmed Status in OpenStack Security Advisory: Won't Fix Status in OpenStack Security Notes: Fix Released Bug description: It looks like a regular user can use the metadef api to create an unlimited number of records in the database. $ glance md-namespace-create ns1 xxx $ glance md-namespace-create ns2 xxx . . . $ glance md-tag-create --name tag OS::Software::WebServers $ glance md-tag-create --name tag2 OS::Software::WebServers . . . etc. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1545702/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp