Stuart McLaren discovered that Glance did not properly enforce the
‘download_image’ policy for cached images. An authenticated user could
exploit this to obtain sensitive information in an image protected by this
setting.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 13.04 | noarch | python-glance | < 1:2013.1.3-0ubuntu1.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | glance | < 1:2013.1.3-0ubuntu1.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | glance-api | < 1:2013.1.3-0ubuntu1.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | glance-common | < 1:2013.1.3-0ubuntu1.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | glance-registry | < 1:2013.1.3-0ubuntu1.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | python-glance-doc | < 1:2013.1.3-0ubuntu1.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | python-glance | < 2012.2.4-0ubuntu1.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | glance | < 2012.2.4-0ubuntu1.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | glance-api | < 2012.2.4-0ubuntu1.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | glance-client | < 2012.2.4-0ubuntu1.1 | UNKNOWN |