Multiple command injection vulns in schema_diff tool
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Compute (nova) | Invalid | Wishlist | stgleb |
OpenStack Security Advisory | Won't Fix | Undecided | Unassigned |
Bug Description
These lines in the latest Nova (as of May 1, 2015) are vulnerable to command injection:
https:/
https:/
https:/
In this case (https:/
In this case (https:/
In this case (https:/
I'm not familiar enough with the usage of this module to know all of the places these inputs can come from, but presumably it can be used in automation, potentially with elevated privileges. I'm sure the idea of this script is to allow certain functionality, not unrestricted commands. The way this has been developed allows unrestricted command execution by tampering with any of the above mentioned inputs.
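The bug class described in this report, shown as an added example that is not nova's code and not part of the original report: a command built by string interpolation for a shell, next to an argv list with input validation. The tool name `dump-tool`, the allow-list pattern and all function names are assumptions made for illustration, and a child Python process stands in for the external program so the example runs offline.

```python
import re
import subprocess
import sys

# Assumed allow-list for a database name (constructed policy, not nova's).
# No spaces, no shell metacharacters, and no leading "-" (option injection).
SAFE_NAME = re.compile(r"[A-Za-z0-9_]{1,64}")

# Stand-in for the external program: a child Python that reports its argv,
# so the example runs offline. "dump-tool" below is a hypothetical name.
CHILD = [sys.executable, "-c", "import sys; print(len(sys.argv) - 1, sys.argv[1:])"]


def unsafe_command(db_name):
    """'Before' pattern: input interpolated into a string meant for a shell."""
    return "dump-tool --schema-only %s > /tmp/%s.sql" % (db_name, db_name)


def received_by_tool(value):
    """Pass value as one argv element (no shell) and return what the child saw."""
    done = subprocess.run(CHILD + [value], capture_output=True, text=True, check=True)
    return done.stdout.strip()


def safe_argv(db_name):
    """'After' pattern: validate first, then build an argv list."""
    if not SAFE_NAME.fullmatch(db_name):
        raise ValueError("rejected database name: %r" % db_name)
    return CHILD + ["--schema-only", db_name]


def run_dump(db_name):
    """Run the stand-in tool without a shell and capture its output in Python."""
    done = subprocess.run(safe_argv(db_name), capture_output=True, text=True, check=True)
    return done.stdout.strip()


if __name__ == "__main__":
    hostile = "nova; echo INJECTED"          # constructed sample input
    print(unsafe_command(hostile))           # a shell would see two commands
    print(received_by_tool(hostile))         # argv list: one inert argument
    print(run_dump("nova"))
    for bad in (hostile, "--help"):
        try:
            run_dump(bad)
        except ValueError as exc:
            print(exc)
```

Passing an argv list removes the shell from the path, and the allow-list additionally rejects values that the target program itself would parse as options.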
Changed in nova:
importance: Undecided → Wishlist
status: New → Confirmed
assignee: nobody → Roman Podoliaka (rpodolyaka)
status: Confirmed → In Progress
milestone: none → liberty-3
Since this report concerns a possible security risk, an incomplete security advisory task has been added while the core security reviewers for the affected project or projects confirm the bug and discuss the scope of any vulnerability along with potential solutions.