Back to bug 1302607

Who When What Removed Added
Adam Mariš 2016-01-28 09:13:22 UTC CC security-response-team
Red Hat Bugzilla 2016-01-28 09:13:22 UTC Doc Type --- Bug Fix
Adam Mariš 2016-01-28 09:16:34 UTC Blocks 1302609
Adam Mariš 2016-01-29 09:41:18 UTC Whiteboard impact=low,public=no,reported=20160127,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:N/I:P/A:N,openstack-5/openstack-glance=new,openstack-6/openstack-glance=new,openstack-7/openstack-glance=new,openstack-8/openstack-glance=new,openstack-rdo/openstack-glance=new,fedora-all/openstack-glance=affected impact=low,public=20160203,reported=20160127,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:N/I:P/A:N,openstack-5/openstack-glance=new,openstack-6/openstack-glance=new,openstack-7/openstack-glance=new,openstack-8/openstack-glance=new,openstack-rdo/openstack-glance=new,fedora-all/openstack-glance=affected
Summer Long 2016-01-29 21:41:56 UTC Whiteboard impact=low,public=20160203,reported=20160127,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:N/I:P/A:N,openstack-5/openstack-glance=new,openstack-6/openstack-glance=new,openstack-7/openstack-glance=new,openstack-8/openstack-glance=new,openstack-rdo/openstack-glance=new,fedora-all/openstack-glance=affected impact=low,public=20160203,reported=20160127,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:N/I:P/A:N,openstack-5/openstack-glance=affected,openstack-6/openstack-glance=affected,openstack-7/openstack-glance=affected,openstack-8/openstack-glance=affected,openstack-rdo/openstack-glance=affected,fedora-all/openstack-glance=affected
Summer Long 2016-01-29 21:46:29 UTC Depends On 1303233
Summer Long 2016-01-29 21:46:39 UTC Depends On 1303234
Summer Long 2016-01-29 21:46:51 UTC Depends On 1303235
Summer Long 2016-01-29 21:47:02 UTC Depends On 1303236
Summer Long 2016-01-29 21:47:16 UTC Depends On 1303237
Summer Long 2016-01-29 21:57:30 UTC Whiteboard impact=low,public=20160203,reported=20160127,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:N/I:P/A:N,openstack-5/openstack-glance=affected,openstack-6/openstack-glance=affected,openstack-7/openstack-glance=affected,openstack-8/openstack-glance=affected,openstack-rdo/openstack-glance=affected,fedora-all/openstack-glance=affected impact=low,public=20160203,reported=20160127,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:N/I:P/A:N,cwe=CWE-285,openstack-5/openstack-glance=affected,openstack-6/openstack-glance=affected,openstack-7/openstack-glance=affected,openstack-8/openstack-glance=affected,openstack-rdo/openstack-glance=affected,fedora-all/openstack-glance=affected
Flavio Percoco 2016-02-02 12:11:57 UTC CC hguemar
Martin Prpič 2016-02-04 08:36:15 UTC Status NEW ASSIGNED
Attachment #1119384 Attachment is obsolete 0 1
Martin Prpič 2016-02-04 08:36:35 UTC Attachment #1119385 Attachment is obsolete 0 1
Martin Prpič 2016-02-04 08:37:45 UTC Attachment #1119386 Attachment is obsolete 0 1
Andrej Nemec 2016-02-04 13:20:35 UTC Summary EMBARGOED CVE-2016-0757 openstack-glance: Glance image status manipulation through locations CVE-2016-0757 openstack-glance: Glance image status manipulation through locations
Andrej Nemec 2016-02-04 13:20:41 UTC Group security, qe_staff
Andrej Nemec 2016-02-04 13:22:48 UTC Depends On 1304726
Andrej Nemec 2016-02-04 13:22:59 UTC Depends On 1304727
Summer Long 2016-02-05 05:42:39 UTC Whiteboard impact=low,public=20160203,reported=20160127,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:N/I:P/A:N,cwe=CWE-285,openstack-5/openstack-glance=affected,openstack-6/openstack-glance=affected,openstack-7/openstack-glance=affected,openstack-8/openstack-glance=affected,openstack-rdo/openstack-glance=affected,fedora-all/openstack-glance=affected impact=low,public=20160204,reported=20160127,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:N/I:P/A:N,cwe=CWE-285,openstack-5/openstack-glance=affected,openstack-6/openstack-glance=affected,openstack-7/openstack-glance=affected,openstack-8/openstack-glance=affected,openstack-rdo/openstack-glance=affected,fedora-all/openstack-glance=affected
Summer Long 2016-02-05 05:48:24 UTC CC slong
Summer Long 2016-02-08 00:14:59 UTC Doc Text An authorization vulnerability in OpenStack Image service was discovered, which allowed image-status manipulation using locations. By removing the last location of an image, an authenticated user could change the status from 'active' to 'queue'. A malicious tenant could exploit this flaw to silently replace owned image data, regardless of its original creator or visibility settings. Only an environment with show_multiple_locations set to true (not default) were affected.
Summer Long 2016-02-08 01:00:58 UTC Doc Text An authorization vulnerability in OpenStack Image service was discovered, which allowed image-status manipulation using locations. By removing the last location of an image, an authenticated user could change the status from 'active' to 'queue'. A malicious tenant could exploit this flaw to silently replace owned image data, regardless of its original creator or visibility settings. Only an environment with show_multiple_locations set to true (not default) were affected. An authorization vulnerability in OpenStack Image service was discovered, which allowed image-status manipulation using locations. By removing the last location of an image, an authenticated user could change the status from 'active' to 'queue'. A malicious tenant could exploit this flaw to silently replace owned image data, regardless of its original creator or visibility settings. Only environments with show_multiple_locations set to true (not default) were affected.
Prasanth Anbalagan 2016-02-16 11:35:11 UTC CC panbalag
Flags needinfo?(slong)
Prasanth Anbalagan 2016-02-16 11:36:33 UTC Flags needinfo?(slong)
Garth Mollett 2016-02-29 00:25:23 UTC Status ASSIGNED NEW
CC gmollett
Summer Long 2016-03-08 21:28:27 UTC Whiteboard impact=low,public=20160204,reported=20160127,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:N/I:P/A:N,cwe=CWE-285,openstack-5/openstack-glance=affected,openstack-6/openstack-glance=affected,openstack-7/openstack-glance=affected,openstack-8/openstack-glance=affected,openstack-rdo/openstack-glance=affected,fedora-all/openstack-glance=affected impact=low,public=20160204,reported=20160127,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:N/I:P/A:N,cwe=CWE-285,openstack-5/openstack-glance=affected,openstack-6/openstack-glance=affected,openstack-7/openstack-glance=affected,openstack-8/openstack-glance=notaffected,openstack-rdo/openstack-glance=affected,fedora-all/openstack-glance=affected
Summer Long 2016-03-08 21:42:39 UTC Status NEW CLOSED
Resolution --- ERRATA
Last Closed 2016-03-08 16:42:39 UTC
Perry Myers 2016-04-26 14:32:55 UTC CC pmyers
Joshua Padman 2018-09-24 01:47:22 UTC CC cyril, jjoyce, kbasil, mburns, slinaber, srevivo
Whiteboard impact=low,public=20160204,reported=20160127,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:N/I:P/A:N,cwe=CWE-285,openstack-5/openstack-glance=affected,openstack-6/openstack-glance=affected,openstack-7/openstack-glance=affected,openstack-8/openstack-glance=notaffected,openstack-rdo/openstack-glance=affected,fedora-all/openstack-glance=affected impact=low,public=20160204,reported=20160127,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:N/I:P/A:N,cwe=CWE-285,openstack-5/openstack-glance=affected,openstack-6/openstack-glance=affected,openstack-7/openstack-glance=affected,openstack-8/openstack-glance=notaffected,openstack-rdo/openstack-glance=wontfix,fedora-all/openstack-glance=affected
Joshua Padman 2018-09-24 03:32:45 UTC Whiteboard impact=low,public=20160204,reported=20160127,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:N/I:P/A:N,cwe=CWE-285,openstack-5/openstack-glance=affected,openstack-6/openstack-glance=affected,openstack-7/openstack-glance=affected,openstack-8/openstack-glance=notaffected,openstack-rdo/openstack-glance=wontfix,fedora-all/openstack-glance=affected impact=low,public=20160204,reported=20160127,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:N/I:P/A:N,cwe=CWE-285,openstack-5/openstack-glance=affected,openstack-6/openstack-glance=affected,openstack-7/openstack-glance=affected,openstack-8/openstack-glance=notaffected,openstack-rdo/openstack-glance=affected,fedora-all/openstack-glance=affected
Product Security DevOps Team 2019-09-29 13:43:28 UTC Whiteboard impact=low,public=20160204,reported=20160127,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:N/I:P/A:N,cwe=CWE-285,openstack-5/openstack-glance=affected,openstack-6/openstack-glance=affected,openstack-7/openstack-glance=affected,openstack-8/openstack-glance=notaffected,openstack-rdo/openstack-glance=affected,fedora-all/openstack-glance=affected
