Red Hat Bugzilla – Bug 1466323
CVE-2016-4383 openstack-glance: glance-manage db purge breaks image immutability expectation
Last modified: 2017-08-02 04:35:45 EDT
The glance-manage db in openstack-glance allows deleted image IDs to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change.
Created openstack-glance tracking bugs for this issue:
Affects: openstack-rdo [bug 1466324]
The OSSN is here (with mitigation): https://wiki.openstack.org/wiki/OSSN/OSSN-0075