No limit in length of "image description" parameter results in DoS attack
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Glance | New | Undecided | Unassigned |
OpenStack Dashboard (Horizon) | New | Undecided | Unassigned |
OpenStack Security Advisory | Incomplete | Undecided | Unassigned |
Bug Description
Members of the VMT received the following report by E-mail:
Dear VMT
I have identified a vulnerability in the OpenStack system and would like to report it to the OpenStack Vulnerability Management Team:
While using OpenStack, I attempted to edit an image and noticed that the web frontend interface restricts the character limit of the image description to 256 characters. However, when I intercepted the request using Burp Suite and filled the description with more than 256 characters, the server did not reject the request. Therefore, the frontend restriction is not enforced on the backend. This vulnerability could potentially allow an attacker to quickly fill up storage, leading to a denial-of-service (DoS) attack. Additionally, I want to mention that after discovering this issue, I tested other modules for similar problems and have not found any. Their frontend and backend implementations appear to be consistent.
Attached is a video demonstrating the reproduction of the vulnerability.
Since this report concerns a possible security risk, an incomplete security advisory task has been added while the core security reviewers for the affected project or projects confirm the bug and discuss the scope of any vulnerability along with potential solutions.
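The report's underlying point is that a limit enforced only in the browser is not a limit: anyone with an intercepting proxy, or plain curl against the image API, can send whatever they like, so the bound has to live on the server. The following is an added illustration of that server-side check and is not Glance or Horizon code; the property name "description", the limits MAX_VALUE_CHARS, MAX_PROPERTIES and MAX_TOTAL_BYTES, and the helpers validate_image_properties() and is_accepted() are all hypothetical, chosen to show the shape of the check rather than any project's actual values. It goes slightly beyond the report by also bounding the encoded size and the number of properties, since a per-value character cap alone still lets a client multiply storage use with multibyte text or many keys.

```python
# Added example (not Glance or Horizon code): server-side enforcement of
# bounds on image metadata, so a client that bypasses the browser-side
# 256-character limit is still rejected with a 400-style error.
#
# Assumptions (not from the bug report): the property name "description"
# and all three limits below are hypothetical illustration values.

MAX_VALUE_CHARS = 256         # mirrors the frontend limit the report describes
MAX_PROPERTIES = 128          # cap on the number of key/value pairs per image
MAX_TOTAL_BYTES = 32 * 1024   # cap on the UTF-8 encoded size of all values


class InvalidImageProperty(ValueError):
    """Raised for a request the API layer should answer with HTTP 400."""


def validate_image_properties(props):
    """Return props unchanged if every bound holds, else raise.

    Lengths are checked in characters (what the UI shows the user) and
    the total in encoded bytes (what actually lands in storage): a
    character limit alone lets a client send up to 4x the bytes per value.
    """
    if not isinstance(props, dict):
        raise InvalidImageProperty("properties must be a JSON object")
    if len(props) > MAX_PROPERTIES:
        raise InvalidImageProperty(
            f"{len(props)} properties exceeds the limit of {MAX_PROPERTIES}")

    total_bytes = 0
    for key, value in props.items():
        if not isinstance(value, str):
            raise InvalidImageProperty(f"{key}: value must be a string")
        if len(value) > MAX_VALUE_CHARS:
            raise InvalidImageProperty(
                f"{key}: {len(value)} characters exceeds {MAX_VALUE_CHARS}")
        total_bytes += len(value.encode("utf-8"))
        if total_bytes > MAX_TOTAL_BYTES:
            raise InvalidImageProperty(
                f"total property size exceeds {MAX_TOTAL_BYTES} bytes")
    return props


def is_accepted(props):
    """True if the request passes validation, False if it would get a 400."""
    try:
        validate_image_properties(props)
        return True
    except InvalidImageProperty:
        return False


if __name__ == "__main__":
    # Constructed requests: what the form would send, and what an edited
    # request from an intercepting proxy could send instead.
    ui_request = {"description": "A" * 256}
    bypass_request = {"description": "A" * 100_000}
    # 100 values that each pass the 256-character check but together exceed
    # the byte budget because each CJK character encodes to 3 bytes.
    multibyte_flood = {f"k{i}": "\u4e00" * 256 for i in range(100)}
    for name, req in [("ui", ui_request), ("bypass", bypass_request),
                      ("multibyte_flood", multibyte_flood)]:
        print(name, "accepted" if is_accepted(req) else "rejected")
```

The check belongs in the API layer that receives the request, not in the JavaScript that built it; the browser-side limit is a usability feature and should be treated as untrusted input like everything else the client sends. Glance's image_property_quota setting already bounds the number of properties, which is why the report's interesting lever is the per-value size.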