An immutability flaw was discovered in openstack-glance, where the glance-manage DB allows deleted image IDs to be reassigned. The flaw could be exploited to allow remote authenticated users to cause other users to boot into a malicious image without knowing it.
For this flaw to be exploited, both non-admin image upload must be permitted and records of deleted IDs must have been purged from the openstack-glance 'images' database table.
To prevent flaw exploitation:
image_properties
, image_tags
, image_members
, and image_locations
tables.