Exploitable services exposed on community test nodes
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
kolla-ansible | Fix Released | Critical | Unassigned |
Bug Description
One of the donor service providers for the upstream OpenStack Infrastructure CI pool has notified us that their security team's periodic vulnerability scans have been identifying systems at random within our environment as running open memcached servers. Job correlation from these reports indicates each was running one of the following:
kolla-ansible-
kolla-ansible-
kolla-ansible-
Please adjust the configuration of your job framework to prevent these services from being exposed to the Internet (through iptables ingress filters, service ACLs, configuring them to not listen on globally-routable interfaces, whatever works). Thanks!
tags: added: security
Changed in kolla-ansible:
importance: Undecided → High
status: New → Confirmed
Changed in kolla-ansible:
importance: High → Critical
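One way to audit a test node for the exposure the bug description asks to be closed off, as an added example that is not part of the original report or of kolla-ansible: it parses `ss -H -tuln` output and reports memcached listeners that are not bound to loopback. The sample output is constructed, and port 11211 (memcached's default) is an assumption about the job's configuration.

```python
import ipaddress

MEMCACHED_PORT = 11211  # memcached's default port (assumed unchanged in the job)

# Constructed sample of `ss -H -tuln` output, not taken from a real node.
SAMPLE_SS_OUTPUT = """\
udp   UNCONN 0      0            0.0.0.0:11211      0.0.0.0:*
tcp   LISTEN 0      1024       127.0.0.1:11211      0.0.0.0:*
tcp   LISTEN 0      1024    203.0.113.10:11211      0.0.0.0:*
tcp   LISTEN 0      1024           [::1]:11211         [::]:*
tcp   LISTEN 0      1024               *:11211            *:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
"""


def classify_bind(addr):
    """Return 'wildcard', 'loopback' or 'specific' for a local bind address."""
    addr = addr.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface scope
    if addr in ("*", "0.0.0.0", "::"):
        return "wildcard"
    return "loopback" if ipaddress.ip_address(addr).is_loopback else "specific"


def exposed_listeners(ss_output, port=MEMCACHED_PORT):
    """List (proto, address, kind) for sockets on `port` not bound to loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # blank or truncated line
        # Field 5 of ss output is "local address:port"; split on the last colon.
        addr, _, local_port = fields[4].rpartition(":")
        if local_port != str(port):
            continue
        kind = classify_bind(addr)
        if kind != "loopback":
            findings.append((fields[0], addr, kind))
    return findings


if __name__ == "__main__":
    for proto, addr, kind in exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"{proto} {addr}:{MEMCACHED_PORT} bound to {kind} address")
```

A `wildcard` finding means the service listens on every interface of the node; a `specific` finding still needs a check that the address is not globally routable or is covered by an ingress filter.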
Any update on the state of this? It's really pretty urgent. An example of _why_ it's a problem: http://www.openwall.com/lists/oss-security/2018/03/02/1