Comment 12 for bug 1479385
Revision history for this message
| Tristan Cacqueray (tristan-cacqueray) wrote | #12 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
513534c
demo site
(Get the code!)
Thanks for the review, here is the updated impact description draft #2:
Title: Glance metadefs v2 API DoS through duplicate namespaces
Reporter: Niall Bunting (HP)
Products: Glance
Affects: 2014.2 versions through 2014.2.3 and 2015.1.0 versions through 2015.1.1
Description:
Niall Bunting from HP reported a vulnerability in the Glance metadata v2 API. By creating duplicated namespaces, an authenticated user may crash the Glance metadata v2 API, resulting in a denial of services. Only setups using the Glance V2 API are affected by this flaw.