[OSSA 2016-013] Heat: template source URL allows network port scan (CVE-2016-9185)
Bug #1606500 reported by Tom Patzig
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Dashboard (Horizon) | Invalid | Undecided | Unassigned |
OpenStack Heat | Fix Released | Medium | Daniel Gonzalez Nothnagel |
OpenStack Security Advisory | Fix Released | Undecided | Unassigned |
Bug Description
Launching a new Heat stack and giving the template from a URL like http://
results in an error message like:

```
ERROR: Could not retrieve template: Failed to retrieve template: ('Connection aborted.', BadStatusLine(
```

This is a security issue as it allows users to scan the network for listening ports.

The heat CLI does not allow that:

```
heat stack-create -u http://
[Errno 104] Connection reset by peer
```
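The report above shows the two ingredients of the problem: the service connects to whatever host and port the template URL names, and the error it returns differs depending on what it found there. The block below is an added illustration, not Heat's code and not the fix that shipped for this bug. It shows the two defensive measures a practitioner would want in such a fetch path: refusing URLs whose host resolves to a non-public address before any connection is made, and collapsing every fetch failure into one generic message so a refused connection and a garbage response from an open port are indistinguishable to the caller. The function names (`validate_template_url`, `fetch_template`, `fetch_error_message`), the "globally routable" rule implemented via `ipaddress.is_global`, and the `public_resolver`/`simulated_refused`/`simulated_bad_status` stand-ins are all assumptions constructed here so the example runs offline.

```python
"""Added example (not Heat project code): hardening a 'fetch a template from a
user-supplied URL' path so it cannot serve as a port scanner.

Two measures are combined:
  1. Resolve the URL's host before connecting and refuse any address that is
     not globally routable (loopback, RFC 1918, link-local, etc.).
  2. Map every fetch failure to one generic message, so a refused connection
     and a malformed response from an open port look identical to the caller.
"""
import http.client
import ipaddress
import socket
import urllib.request
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}
GENERIC_MESSAGE = "Could not retrieve template"  # same text for every failure


class TemplateFetchError(Exception):
    """The only error type a caller ever sees from fetch_template()."""


def _default_resolver(host):
    """Resolve a host name to the set of IP address strings it maps to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def validate_template_url(url, resolver=_default_resolver):
    """Return the parsed URL if acceptable, otherwise raise TemplateFetchError.

    `resolver` is injectable so the check can be exercised without DNS.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES or not parsed.hostname:
        raise TemplateFetchError(GENERIC_MESSAGE)
    host = parsed.hostname
    try:
        # IP literal: no lookup needed. Otherwise resolve the name.
        addresses = {str(ipaddress.ip_address(host))}
    except ValueError:
        try:
            addresses = resolver(host)
        except (socket.gaierror, OSError):
            raise TemplateFetchError(GENERIC_MESSAGE)
    for addr in addresses:
        if not ipaddress.ip_address(addr).is_global:
            # loopback, private, link-local (incl. 169.254.169.254), etc.
            raise TemplateFetchError(GENERIC_MESSAGE)
    return parsed


def is_acceptable_template_url(url, resolver=_default_resolver):
    """Boolean convenience wrapper around validate_template_url()."""
    try:
        validate_template_url(url, resolver=resolver)
        return True
    except TemplateFetchError:
        return False


def fetch_template(url, resolver=_default_resolver, opener=urllib.request.urlopen):
    """Fetch the template body; every failure surfaces as GENERIC_MESSAGE."""
    validate_template_url(url, resolver=resolver)
    try:
        with opener(url, timeout=5) as resp:
            return resp.read()
    except Exception:
        # ConnectionRefusedError, BadStatusLine, timeouts, HTTP errors ...
        # all collapse into one message; the port's state is not revealed.
        raise TemplateFetchError(GENERIC_MESSAGE)


def fetch_error_message(url, resolver=_default_resolver, opener=urllib.request.urlopen):
    """Return the message a caller would see, or None on success."""
    try:
        fetch_template(url, resolver=resolver, opener=opener)
        return None
    except TemplateFetchError as exc:
        return str(exc)


# --- constructed stand-ins so the example runs offline ----------------------
def public_resolver(host):
    """Pretend every name resolves to a public address (constructed)."""
    return {"8.8.8.8"}


def simulated_refused(url, timeout=None):
    """Stand-in for a closed port: the kernel refuses the connection."""
    raise ConnectionRefusedError(111, "Connection refused")


def simulated_bad_status(url, timeout=None):
    """Stand-in for an open non-HTTP port: garbage instead of a status line."""
    raise http.client.BadStatusLine("")


if __name__ == "__main__":
    for u in ("http://127.0.0.1:8080/t.yaml", "http://169.254.169.254/",
              "http://10.0.0.5/t.yaml", "http://templates.example/t.yaml"):
        verdict = "ok" if is_acceptable_template_url(u, public_resolver) else "rejected"
        print(u, "->", verdict)
    url = "http://templates.example/t.yaml"
    print("closed port:", fetch_error_message(url, public_resolver, simulated_refused))
    print("open port  :", fetch_error_message(url, public_resolver, simulated_bad_status))
```

Two caveats on the design: the resolve-then-connect sequence in `validate_template_url` leaves a window in which a name could resolve differently at connection time, so a production implementation should connect to the address it validated (or validate inside the socket layer) rather than re-resolving; and the address filter alone does not close the issue, because an attacker-chosen public host and port still produce a connection, which is why the uniform error message is the part that actually stops the error channel from reporting port state. Logging the underlying cause server-side, where operators can see it, is compatible with hiding it from the API response.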
CVE References

- summary changed: "Heat: template source URL allows network port scan" → "Heat: template source URL allows network port scan (CVE-2016-9185)"
- summary changed: "Heat: template source URL allows network port scan (CVE-2016-9185)" → "[OSSA 2016-013] Heat: template source URL allows network port scan (CVE-2016-9185)"
- Changed in ossa: status: In Progress → Fix Released
Since this report concerns a possible security risk, an incomplete security advisory task has been added while the core security reviewers for the affected project or projects confirm the bug and discuss the scope of any vulnerability along with potential solutions.