2016-07-26 09:44:03 |
Tom Patzig |
bug |
|
|
added bug |
2016-07-26 10:33:36 |
Morgan Fainberg |
description |
Launching a new Heat stack and giving the template from a URL like http://localhost:22
results in an error message like:
ERROR: Could not retrieve template: Failed to retrieve template: ('Connection aborted.', BadStatusLine('SSH-2.0-OpenSSH_6.6.1\r\n',))
This is a security issue as it allows users to scan the network for listening ports.
heat CLI does not allow that:
heat stack-create -u http://localhost:22 test
[Errno 104] Connection reset by peer |
This issue is being treated as a potential security risk under embargo. Please do not make any public mention of embargoed (private) security vulnerabilities before their coordinated publication by the OpenStack Vulnerability Management Team in the form of an official OpenStack Security Advisory. This includes discussion of the bug or associated fixes in public forums such as mailing lists, code review systems and bug trackers. Please also avoid private disclosure to other individuals not already approved for access to this information, and provide this same reminder to those who are made aware of the issue prior to publication. All discussion should remain confined to this private bug report, and any proposed fixes should be added to the bug as attachments.
Launching a new Heat stack and giving the template from a URL like http://localhost:22
results in an error message like:
ERROR: Could not retrieve template: Failed to retrieve template: ('Connection aborted.', BadStatusLine('SSH-2.0-OpenSSH_6.6.1\r\n',))
This is a security issue as it allows users to scan the network for listening ports.
heat CLI does not allow that:
heat stack-create -u http://localhost:22 test
[Errno 104] Connection reset by peer |
|
2016-07-26 10:33:46 |
Morgan Fainberg |
bug task added |
|
ossa |
|
2016-07-26 10:33:51 |
Morgan Fainberg |
ossa: status |
New |
Incomplete |
|
2016-07-26 10:34:44 |
Morgan Fainberg |
bug |
|
|
added subscriber Horizon Core security contacts |
2016-09-21 11:35:48 |
Tom Patzig |
bug |
|
|
added subscriber Daniel Gonzalez Nothnagel |
2016-10-17 09:35:07 |
Daniel Gonzalez Nothnagel |
bug task added |
|
heat |
|
2016-10-17 09:38:45 |
Daniel Gonzalez Nothnagel |
attachment added |
|
urlfetch-fix.patch https://bugs.launchpad.net/heat/+bug/1606500/+attachment/4762389/+files/urlfetch-fix.patch |
|
2016-10-17 14:59:36 |
Daniel Gonzalez Nothnagel |
attachment added |
|
urlfetch-fix-2.patch https://bugs.launchpad.net/heat/+bug/1606500/+attachment/4762582/+files/urlfetch-fix-2.patch |
|
2016-10-18 12:38:12 |
Daniel Gonzalez Nothnagel |
bug |
|
|
added subscriber Heat Core security contacts |
2016-10-18 13:25:22 |
Zane Bitter |
heat: status |
New |
Triaged |
|
2016-10-18 13:25:32 |
Zane Bitter |
heat: importance |
Undecided |
Medium |
|
2016-10-18 15:20:57 |
Daniel Gonzalez Nothnagel |
attachment added |
|
urlfetch-fix-3.patch https://bugs.launchpad.net/heat/+bug/1606500/+attachment/4763301/+files/urlfetch-fix-3.patch |
|
2016-11-03 02:52:04 |
Tristan Cacqueray |
description |
This issue is being treated as a potential security risk under embargo. Please do not make any public mention of embargoed (private) security vulnerabilities before their coordinated publication by the OpenStack Vulnerability Management Team in the form of an official OpenStack Security Advisory. This includes discussion of the bug or associated fixes in public forums such as mailing lists, code review systems and bug trackers. Please also avoid private disclosure to other individuals not already approved for access to this information, and provide this same reminder to those who are made aware of the issue prior to publication. All discussion should remain confined to this private bug report, and any proposed fixes should be added to the bug as attachments.
Launching a new Heat stack and giving the template from a URL like http://localhost:22
results in an error message like:
ERROR: Could not retrieve template: Failed to retrieve template: ('Connection aborted.', BadStatusLine('SSH-2.0-OpenSSH_6.6.1\r\n',))
This is a security issue as it allows users to scan the network for listening ports.
heat CLI does not allow that:
heat stack-create -u http://localhost:22 test
[Errno 104] Connection reset by peer |
Launching a new Heat stack and giving the template from a URL like http://localhost:22
results in an error message like:
ERROR: Could not retrieve template: Failed to retrieve template: ('Connection aborted.', BadStatusLine('SSH-2.0-OpenSSH_6.6.1\r\n',))
This is a security issue as it allows users to scan the network for listening ports.
heat CLI does not allow that:
heat stack-create -u http://localhost:22 test
[Errno 104] Connection reset by peer |
|
2016-11-03 02:52:31 |
Tristan Cacqueray |
information type |
Private Security |
Public Security |
|
2016-11-03 02:52:43 |
Tristan Cacqueray |
ossa: status |
Incomplete |
In Progress |
|
2016-11-03 02:52:56 |
Tristan Cacqueray |
horizon: status |
New |
Invalid |
|
2016-11-03 07:55:48 |
OpenStack Infra |
heat: status |
Triaged |
In Progress |
|
2016-11-03 07:55:48 |
OpenStack Infra |
heat: assignee |
|
Daniel Gonzalez Nothnagel (dgonzalez) |
|
2016-11-03 15:55:07 |
OpenStack Infra |
heat: status |
In Progress |
Fix Released |
|
2016-11-03 19:47:21 |
OpenStack Infra |
tags |
|
in-stable-newton |
|
2016-11-03 19:47:30 |
OpenStack Infra |
tags |
in-stable-newton |
in-stable-mitaka in-stable-newton |
|
2016-11-03 19:47:38 |
OpenStack Infra |
tags |
in-stable-mitaka in-stable-newton |
in-stable-liberty in-stable-mitaka in-stable-newton |
|
2016-11-04 08:22:03 |
Tristan Cacqueray |
summary |
Heat: template source URL allows network port scan |
Heat: template source URL allows network port scan (CVE-2016-9185) |
|
2016-11-18 13:53:47 |
OpenStack Infra |
cve linked |
|
2016-9185 |
|
2016-11-18 14:02:26 |
Tristan Cacqueray |
summary |
Heat: template source URL allows network port scan (CVE-2016-9185) |
[OSSA 2016-013] Heat: template source URL allows network port scan (CVE-2016-9185) |
|
2016-11-18 14:02:37 |
Tristan Cacqueray |
ossa: status |
In Progress |
Fix Released |
|
2016-11-18 20:26:48 |
Franciraldo Cavalcante |
bug |
|
|
added subscriber Franciraldo Cavalcante |