Key Information Summary

Vulnerability Description
Vulnerability Type: Information Security Vulnerability
Affected Component: glance-manage db purge
Issue Description: Running the command can cause the IDs of deleted images to be released in the database, so that the same ID can be assigned again later in the deployment lifecycle. An attacker could exploit this by creating a new image with the same ID as a previously deleted image, breaking the immutability promise of images.

Impact Scope
Affected Versions: Glance (specifics not provided in snippet; refer to bug report)
Severity: Critical

Solution and Mitigation
Fix Status: Fix Released
Temporary Mitigation Measures: One proposal was to introduce a table that tracks deleted image IDs, so that new image creation can be cross-checked against it and no ID is duplicated. Another suggestion was to allow an ID to be specified during image creation, but this was discarded because of the risk of abuse.
Final Solution: Keep records of hard-deleted images in the database instead of releasing their IDs.

Additional Information
Related Vulnerabilities: Linked to other image ID reuse vulnerabilities ( )
Discussion Details: Discussed in virtual Glance development meetings; meeting minutes are available for reference.
OSSN (OpenStack Security Notice): Update security advisories as needed, including additional recommendations for OpenStack cloud operators.

Security Recommendations
- Do not use the db purge feature without restricting image creation capabilities.
- Verify that project IDs and image IDs cannot be reused before performing db purge operations.
- Consider environment-specific requirements; for example, avoid executing this operation in environments where non-admin users can upload images.
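The deleted-ID cross-check described under Solution and Mitigation, as an added Python example that is not Glance's own code: an in-memory SQLite stand-in for the image database where purge either drops deleted rows outright (the weak behaviour) or keeps their IDs in a tombstone table that image creation consults. The table and column names are assumptions for the demonstration, not Glance's real schema.

```python
import sqlite3
import uuid


def open_db():
    """Constructed schema standing in for the Glance database (assumed names)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE images (id TEXT PRIMARY KEY, name TEXT, deleted INTEGER DEFAULT 0);
        CREATE TABLE purged_image_ids (id TEXT PRIMARY KEY);  -- tombstones for hard-deleted IDs
    """)
    return db


def create_image(db, name, image_id=None):
    """Create an image, refusing any ID that is live or recorded as purged."""
    image_id = image_id or str(uuid.uuid4())
    tombstoned = db.execute(
        "SELECT 1 FROM purged_image_ids WHERE id = ?", (image_id,)).fetchone()
    if tombstoned:
        raise ValueError(f"image id {image_id} belonged to a deleted image")
    try:
        db.execute("INSERT INTO images (id, name) VALUES (?, ?)", (image_id, name))
    except sqlite3.IntegrityError:
        raise ValueError(f"image id {image_id} already exists")
    return image_id


def delete_image(db, image_id):
    """Soft delete, as the API does before any purge runs."""
    db.execute("UPDATE images SET deleted = 1 WHERE id = ?", (image_id,))


def purge(db, keep_tombstones=True):
    """Hard-delete soft-deleted rows; the hardened form records their IDs first."""
    if keep_tombstones:
        db.execute("INSERT OR IGNORE INTO purged_image_ids (id) "
                   "SELECT id FROM images WHERE deleted = 1")
    db.execute("DELETE FROM images WHERE deleted = 1")
    return db.execute("SELECT COUNT(*) FROM purged_image_ids").fetchone()[0]


def reuse_possible(keep_tombstones):
    """True if a purged image's ID can be recreated under the given purge policy."""
    db = open_db()
    image_id = create_image(db, "base-image")
    delete_image(db, image_id)
    purge(db, keep_tombstones=keep_tombstones)
    try:
        create_image(db, "impostor", image_id=image_id)
        return True          # ID reused: immutability promise broken
    except ValueError:
        return False         # tombstone check rejected the reuse
```

Running `reuse_possible(False)` reproduces the reported weakness, while `reuse_possible(True)` shows the retained records blocking the duplicate ID.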