Thanks a lot for reporting this issue, which I believe is quite critical.
As Stuart mentioned, exploiting this security issue requires some non default config options to be set. That said, I believe some of our default policies are too permissive. Stuart pointed the `set_image_location` policy and I believe it should be admin only by default.
We could also explore the possibility of not returning the image's location for public images. I believe this could be configured in the policy file.
In addition to the above, I believe we should seriously consider deprecating v1 entirely in N and disabling it by default in O.
I'd like to hear Hermanth thoughts on this as well.
Mike,
Thanks a lot for reporting this issue, which I believe is quite critical.
As Stuart mentioned, exploiting this security issue requires some non default config options to be set. That said, I believe some of our default policies are too permissive. Stuart pointed the `set_image_ location` policy and I believe it should be admin only by default.
We could also explore the possibility of not returning the image's location for public images. I believe this could be configured in the policy file.
In addition to the above, I believe we should seriously consider deprecating v1 entirely in N and disabling it by default in O.
I'd like to hear Hermanth thoughts on this as well.