Documentation: instance image temp url and configdrive can be obtained via unauthorized API endpoint
Bug #1692511 reported by
Yuriy Zveryanskyy
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ironic |
Fix Released
|
High
|
Unassigned |
Bug Description
For any node instance temp url and configdrive can be obtained if:
1) The node in DEPLOYWAIT state
2) Person has network access to ironic API (without authorization)
3) Conductor is able to send request to host that is controlled by person above
Obtaining data:
1) Prepare and run simple IPA API simulator on host
2) Send fake heartbeat with address of the host above to ironic API
3) Conductor send prepare image command with data to the host
summary: |
- Instance image temp url and configdrive can be obtained via unauthorized - API endpoint + Documentation: instance image temp url and configdrive can be obtained + via unauthorized API endpoint |
Changed in ironic: | |
status: | New → Triaged |
importance: | Undecided → High |
tags: | added: documentation |
Changed in ironic: | |
status: | Triaged → Fix Released |
To post a comment you must log in.
Related fix proposed to branch: master /review. openstack. org/466729
Review: https:/