user supplied network is not validated before attaching
Bug #1466609 reported by
Min Pae
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Cue |
Fix Released
|
High
|
Min Pae | ||
Bug Description
The network specified by a user during cluster creation is not validated to ensure that the user has ownership or access to the network. This can lead to users attaching a VM to arbitrary networks. This may not be an issue currently due to the single network/port limitation Cue currently has but if/when multi-network attachment is supported this could lead to security issues where a user can attach to networks they should not have access to.
| Changed in cue: | |
| status: | New → Triaged |
| importance: | Critical → High |
Revision history for this message
| Min Pae (sputnik13) wrote | #1 |
| Changed in cue: | |
| assignee: | nobody → Min Pae (sputnik13) |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to cue (master) | #2 |
| Changed in cue: | |
| status: | Triaged → In Progress |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to cue (master) | #3 |
| Changed in cue: | |
| status: | In Progress → Fix Released |
To post a comment you must log in.
Ownership/access to a network should be defined as
1) network is a shared network
or
2) network is owned by tenant requesting cluster creation