Network/Image names allows terminal escape sequence
Bug #1486565 reported by
Tristan Cacqueray
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Glance |
Opinion
|
Low
|
Unassigned | ||
OpenStack Compute (nova) |
Opinion
|
Low
|
Unassigned | ||
OpenStack Security Advisory |
Won't Fix
|
Undecided
|
Unassigned | ||
neutron |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
This allows a malicious user to create network that will mess with administrator terminal when they list network.
Steps to reproduces:
As a user: neutron net-create $(echo -e "\E[37mhidden\
As an admin: neutron net-list
Changed in ossa: | |
status: | Incomplete → Won't Fix |
information type: | Private Security → Public |
description: | updated |
Changed in neutron: | |
status: | New → In Progress |
assignee: | nobody → Ching Sun (ching-sun) |
tags: | removed: needs-attention |
Changed in glance: | |
status: | New → Opinion |
importance: | Undecided → Low |
To post a comment you must log in.
Since this report concerns a possible security risk, an incomplete security advisory task has been added while the core security reviewers for the affected project or projects confirm the bug and discuss the scope of any vulnerability along with potential solutions.