Mistral

local file include on mistral-dashboard

Bug #1933061 reported by Chung Phan
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mistral
New
Undecided
Unassigned

Bug Description

User using mistral dashboard can get any content of file on horizon server

Reproduce:

- Workflow -> Workbooks -> Create workbook -> chose Direct Input
write any file content example : "/etc/passwd" or "file://etc/passwd"

- Also in /mistral/workbooks/change_definition and /mistral/actions/ at direct input option

See a image for more infomation

It a bug of mistralclient when using on horizon at line https://github.com/openstack/python-mistralclient/blob/master/mistralclient/utils.py#L80

Revision history for this message
Chung Phan (chungphan78) wrote :
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Bug attachments

Remote bug watches

Bug watches keep track of this bug in other bug trackers.