OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Image_registry_and_delivery_service_(glance) | Openstack | * | 2014.2.3 |
Image_registry_and_delivery_service_(glance) | Openstack | 2015.1.1 | 2015.1.1 |
Image_registry_and_delivery_service_(glance) | Openstack | 2015.1.0 | 2015.1.0 |