Comment 0 for bug 1400966

Masahito Muroi (muroi-masahito) wrote : Glance allows users to download any file in glance-api server

By updating the image location through the update images API, users can download any file for which glance-api has read permission.

For example:
When a user specifies '/etc/passwd' as the locations value of an image, the user can get the file by downloading the image.

How to recreate the bug:
 - set show_multiple_locations to True in glance-api.conf
 - create a new image
 - set the image's locations property to a path you want to get, such as file:///etc/passwd.
 - download the image

I found this bug in 2014.2 (742c898956d655affa7351505c8a3a5c72881eae).
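
The check the report shows to be missing, as an added example that is not part of the original report and is not Glance's own code: a scheme allowlist applied to user-supplied image locations before they are stored. The function names, the allowlist contents and the sample locations are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Assumption: the only schemes this deployment accepts from API users.
ALLOWED_SCHEMES = {"http", "https"}
# The scheme from the report: it makes the API server read its own disk.
LOCAL_SCHEMES = {"file"}


def check_location(url):
    """Return (ok, reason) for one user-supplied image location URL."""
    if not isinstance(url, str) or not url.strip():
        return False, "empty location"
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme in LOCAL_SCHEMES:
        return False, "local scheme '%s' reads from the API server" % scheme
    if scheme not in ALLOWED_SCHEMES:
        return False, "scheme '%s' is not in the allowlist" % scheme
    if not parts.netloc:
        return False, "missing host"
    return True, "ok"


def filter_locations(locations):
    """Split a locations list (dicts with a 'url' key) into accepted/rejected."""
    accepted, rejected = [], []
    for loc in locations:
        url = loc.get("url")
        ok, reason = check_location(url)
        (accepted if ok else rejected).append((url, reason))
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample input for this example.
    sample = [
        {"url": "https://images.example.org/cirros.img", "metadata": {}},
        {"url": "file:///etc/passwd", "metadata": {}},
        {"url": "/etc/passwd", "metadata": {}},
    ]
    accepted, rejected = filter_locations(sample)
    for url, reason in rejected:
        print("rejected %s: %s" % (url, reason))
    for url, _ in accepted:
        print("accepted %s" % url)
```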