** Summary changed:
- Images v2 api metadef vulnerability
+ [OSSN-0088] Images v2 api metadef vulnerability
** Also affects: ossn
Importance: Undecided
Status: New
** Changed in: ossn
Status: New => Fix Released
** Changed in: ossn
Importance: Undecided => Critical
** Changed in: ossn
Assignee: (unassigned) => Abhishek Kekane (abhishek-kekane)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1545702
Title:
[OSSN-0088] Images v2 api metadef vulnerability
Status in Glance:
Confirmed
Status in OpenStack Security Advisory:
Won't Fix
Status in OpenStack Security Notes:
Fix Released
Bug description:
It looks like a regular user can use the metadef api to create an
unlimited number of records in the database.
$ glance md-namespace-create ns1 xxx
$ glance md-namespace-create ns2 xxx
.
.
.
$ glance md-tag-create --name tag OS::Software::WebServers
$ glance md-tag-create --name tag2 OS::Software::WebServers
.
.
.
etc.
To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1545702/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
