user supplied network is not validated before attaching
Bug #1466609 reported by
Min Pae
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cue |
Fix Released
|
High
|
Min Pae |
Bug Description
The network specified by a user during cluster creation is not validated to ensure that the user has ownership or access to the network. This can lead to users attaching a VM to arbitrary networks. This may not be an issue currently due to the single network/port limitation Cue currently has but if/when multi-network attachment is supported this could lead to security issues where a user can attach to networks they should not have access to.
Changed in cue: | |
status: | New → Triaged |
importance: | Critical → High |
To post a comment you must log in.
Ownership/access to a network should be defined as
1) network is a shared network
or
2) network is owned by tenant requesting cluster creation