Date | Who | What changed | Old value | New value | Message |
2022-08-29 07:51:07 |
Dr. Jens Harbott |
bug |
|
|
added bug |
2022-08-29 07:55:05 |
Dr. Jens Harbott |
description |
When a non-admin user tries to list security groups for project_id "None", Neutron creates a default security group for that project and returns and empty list to the caller.
To reproduce:
openstack --os-cloud devstack security group list --project None
openstack --os-cloud devstack-admin security group list
The API call that is made is essentially
GET /networking/v2.0/security-groups?project_id=None
The expected result would be an authorization failure, since normal users should not be allowed to list security groups for other projects. |
When a non-admin user tries to list security groups for project_id "None", Neutron creates a default security group for that project and returns an empty list to the caller.
To reproduce:
openstack --os-cloud devstack security group list --project None
openstack --os-cloud devstack-admin security group list
The API call that is made is essentially
GET /networking/v2.0/security-groups?project_id=None
The expected result would be an authorization failure, since normal users should not be allowed to list security groups for other projects. |
|
2022-08-29 08:24:46 |
Slawek Kaplonski |
neutron: importance |
Undecided |
Low |
|
2022-08-29 08:25:01 |
Slawek Kaplonski |
tags |
|
api low-hanging-fruit |
|
2022-09-01 22:20:31 |
Jeremy Stanley |
bug task added |
|
ossa |
|
2022-09-01 22:20:40 |
Jeremy Stanley |
information type |
Public |
Public Security |
|
2022-09-01 22:20:52 |
Jeremy Stanley |
bug |
|
|
added subscriber Neutron Core Security reviewers |
2022-09-01 22:20:57 |
Brian Haley |
neutron: importance |
Low |
Critical |
|
2022-09-01 22:26:24 |
Brian Haley |
bug |
|
|
added subscriber Brian Haley |
2022-09-02 01:18:19 |
OpenStack Infra |
neutron: status |
New |
In Progress |
|
2022-09-02 18:32:06 |
Brian Haley |
neutron: assignee |
|
Brian Haley (brian-haley) |
|
2022-09-07 15:38:17 |
OpenStack Infra |
neutron: status |
In Progress |
Fix Released |
|
2022-09-22 20:34:21 |
Nick Tait |
cve linked |
|
2022-3277 |
|
2022-09-23 15:32:40 |
OpenStack Infra |
tags |
api low-hanging-fruit |
api in-stable-yoga low-hanging-fruit |
|
2022-09-23 15:32:48 |
OpenStack Infra |
tags |
api in-stable-yoga low-hanging-fruit |
api in-stable-victoria in-stable-yoga low-hanging-fruit |
|
2022-09-23 15:32:56 |
OpenStack Infra |
tags |
api in-stable-victoria in-stable-yoga low-hanging-fruit |
api in-stable-victoria in-stable-wallaby in-stable-yoga low-hanging-fruit |
|
2022-09-23 15:33:05 |
OpenStack Infra |
tags |
api in-stable-victoria in-stable-wallaby in-stable-yoga low-hanging-fruit |
api in-stable-ussuri in-stable-victoria in-stable-wallaby in-stable-yoga low-hanging-fruit |
|
2022-09-23 19:07:08 |
OpenStack Infra |
tags |
api in-stable-ussuri in-stable-victoria in-stable-wallaby in-stable-yoga low-hanging-fruit |
api in-stable-ussuri in-stable-victoria in-stable-wallaby in-stable-xena in-stable-yoga low-hanging-fruit |
|