| 2024-01-04 18:59:01 |
Jeremy Stanley |
bug |
|
|
added bug |
| 2024-01-04 18:59:01 |
Jeremy Stanley |
attachment added |
|
video capture of exploit demonstration https://bugs.launchpad.net/bugs/2048103/+attachment/5736470/+files/20240104_105422.mp4 |
|
| 2024-01-04 18:59:25 |
Jeremy Stanley |
bug task added |
|
ossa |
|
| 2024-01-04 18:59:30 |
Jeremy Stanley |
ossa: status |
New |
Incomplete |
|
| 2024-01-04 18:59:57 |
Jeremy Stanley |
bug |
|
|
added subscriber Glance Core security contacts |
| 2024-01-04 21:47:39 |
Jeremy Stanley |
bug |
|
|
added subscriber lujiefsi |
| 2024-01-05 14:00:29 |
Jeremy Stanley |
glance: status |
New |
Invalid |
|
| 2024-01-05 14:00:45 |
Jeremy Stanley |
bug task added |
|
horizon |
|
| 2024-01-05 14:01:00 |
Jeremy Stanley |
bug |
|
|
added subscriber Horizon Core security contacts |
| 2024-01-08 08:46:27 |
lujiefsi |
attachment added |
|
This file is accessed and filled with images through the REST API. https://bugs.launchpad.net/glance/+bug/2048103/+attachment/5737379/+files/testdes.py |
|
| 2024-01-08 08:48:23 |
lujiefsi |
attachment added |
|
testimage.py https://bugs.launchpad.net/glance/+bug/2048103/+attachment/5737380/+files/testimage.py |
|
| 2024-01-08 11:25:41 |
lujiefsi |
attachment added |
|
DOS video https://bugs.launchpad.net/glance/+bug/2048103/+attachment/5737417/+files/20240108_162114.mp4 |
|
| 2024-01-08 11:25:45 |
lujiefsi |
attachment added |
|
DOS video https://bugs.launchpad.net/glance/+bug/2048103/+attachment/5737418/+files/20240108_162114.mp4 |
|
| 2024-01-08 11:26:21 |
lujiefsi |
attachment removed |
DOS video https://bugs.launchpad.net/glance/+bug/2048103/+attachment/5737418/+files/20240108_162114.mp4 |
|
|
| 2024-01-08 14:23:05 |
lujiefsi |
attachment removed |
This file is accessed and filled with images through the REST API. https://bugs.launchpad.net/glance/+bug/2048103/+attachment/5737379/+files/testdes.py |
|
|
| 2024-01-08 14:24:36 |
lujiefsi |
attachment added |
|
This file is used to filled with images through the REST API. https://bugs.launchpad.net/glance/+bug/2048103/+attachment/5737436/+files/testdes.py |
|
| 2024-01-08 17:19:55 |
Jeremy Stanley |
glance: status |
Invalid |
New |
|
| 2024-01-08 17:20:07 |
Jeremy Stanley |
description |
This issue is being treated as a potential security risk under
embargo. Please do not make any public mention of embargoed
(private) security vulnerabilities before their coordinated
publication by the OpenStack Vulnerability Management Team in the
form of an official OpenStack Security Advisory. This includes
discussion of the bug or associated fixes in public forums such as
mailing lists, code review systems and bug trackers. Please also
avoid private disclosure to other individuals not already approved
for access to this information, and provide this same reminder to
those who are made aware of the issue prior to publication. All
discussion should remain confined to this private bug report, and
any proposed fixes should be added to the bug as attachments. This
embargo shall not extend past 2024-04-03 and will be made
public by or on that date even if no fix is identified.
Members of the VMT received the following report by E-mail:
Dear VMT
I have identified a vulnerability in the OpenStack system and would like to report it to the OpenStack Vulnerability Management Team.:
While using OpenStack, I attempted to edit an image and noticed that the web frontend interface restricts the character limit of the image description to 256 characters. However, when I intercepted the request using Burp Suite and filled the description with more than 256 characters, the server did not reject the request. Therefore, the frontend restriction is not enforced on the backend. This vulnerability could potentially allow an attacker to quickly fill up storage, leading to a denial-of-service (DoS) attack. Additionally, I want to mention that after discovering this issue, I tested other modules for similar problems and have not found any. Their frontend and backend implementations appear to be consistent.
Attached is a video demonstrating the reproduction of the vulnerability. |
Members of the VMT received the following report by E-mail:
Dear VMT
I have identified a vulnerability in the OpenStack system and would like to report it to the OpenStack Vulnerability Management Team.:
While using OpenStack, I attempted to edit an image and noticed that the web frontend interface restricts the character limit of the image description to 256 characters. However, when I intercepted the request using Burp Suite and filled the description with more than 256 characters, the server did not reject the request. Therefore, the frontend restriction is not enforced on the backend. This vulnerability could potentially allow an attacker to quickly fill up storage, leading to a denial-of-service (DoS) attack. Additionally, I want to mention that after discovering this issue, I tested other modules for similar problems and have not found any. Their frontend and backend implementations appear to be consistent.
Attached is a video demonstrating the reproduction of the vulnerability. |
|
| 2024-01-08 17:20:15 |
Jeremy Stanley |
information type |
Private Security |
Public Security |
|
| 2024-01-09 06:37:23 |
lujiefsi |
attachment removed |
DOS video https://bugs.launchpad.net/glance/+bug/2048103/+attachment/5737417/+files/20240108_162114.mp4 |
|
|
