Please sign in to comment.
disallow boot from volume from specifying arbitrary volumes
Fix a vulnerability in volume attachment in nova-volume, affecting the boot-from-volume feature. By passing a specific volume ID, an authenticated user may be able to boot from a volume they don't own, potentially resulting in full access to that 3rd-party volume. Folsom setups making use of Cinder are not affected. Fixes bug: 1069904, CVE-2013-0208 Change-Id: I5f7c8d20d3ebf33ce1ce64bf0a8418bd2b5a6411
- Loading branch information...
Showing with 36 additions and 5 deletions.