Red Hat Security Advisory 2013-1525-01 - The openstack-glance packages provide a service that acts as a registry for virtual machine images. A flaw was found in the Glance download_image policy enforcement for cached system images. When an image was previously cached by an authorized download, any authenticated user able to determine the image by its UUID could download that image, bypassing the download_image policy. Only setups making use of the download_image policy were affected.
e0eb3f673d25b971dfa5e7bcb73d6d651ce3b1ffe95cdbb2b5cf1de8b7715300
Ubuntu Security Notice 2003-1 - Stuart McLaren discovered that Glance did not properly enforce the 'download_image' policy for cached images. An authenticated user could exploit this to obtain sensitive information in an image protected by this setting.
5bcbdd5172766f1b92e4ef0b761c84adf1aef699272f16fcfbd37fb1410bdc54