Comment 8 for bug 1842749

Jeremy Stanley (fungi) wrote :

To be clear, this is not yet being treated as a vulnerability. The OpenStack VMT triaged it because it was flagged by the original reporter as a possible vulnerability in Horizon, so Horizon's core security reviewers were asked to make a determination there. The OpenStack Security Advisory bugtask is still marked Incomplete until there is some consensus that this 1. represents an actual security risk in OpenStack software, 2. has a practical exploit scenario where an attacker could leverage it to accomplish something they're not supposed to be able to do, and 3. can be fixed or mitigated thoroughly in all currently supported stable branches of OpenStack source code.

I tend to agree that if users configure their browsers to pass arbitrary files built from untrusted data to dangerous local applications on their systems, it's not Horizon's job to know every possible way that could happen and provide built-in workarounds. The question for the Horizon developers is whether they want to do that anyway, or whether we should simply caution users about these risks somewhere.