copy_from in api v1 allows network port scan
Bug #1606495 reported by Tom Patzig
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Glance | Won't Fix | Undecided | Unassigned | |
| OpenStack Security Advisory | Opinion | Undecided | Unassigned | |
| OpenStack Security Notes | Fix Released | Undecided | Luke Hinds | |
Bug Description
copy_from allows creating Images with a URL like http://
The remote content gets copied unverified in the defined glance store.
E.g. after downloading the image with the copy_from URL http://
This is a security issue, as it allows users to do network "scans" for open ports and it copies remote (potentially malicious) content unverified to your configured glance store.
glance api v1 is still the default in horizon.
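As an added defensive example, not code from Glance or from this report: a pre-fetch policy check that a deployment could apply to copy_from style URLs before the server fetches anything, rejecting non-http(s) schemes, non-standard ports, and destinations that resolve to loopback, link-local or private ranges. The function and constant names are hypothetical, and the `resolver` hook stands in for DNS so the check runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed example, not Glance code: a policy check applied to a
# user-supplied copy_from URL before the service fetches it.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


def _is_public_ip(ip_str):
    """True only for addresses outside loopback/private/link-local/etc."""
    ip = ipaddress.ip_address(ip_str)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_copy_from_url(url, resolver=None):
    """Return (ok, reason) for a copy_from URL.

    resolver maps a hostname to a list of IP strings; when omitted,
    socket.getaddrinfo is used.  Every resolved address must be public,
    so a name that resolves to an internal host is rejected too.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: %r" % parts.scheme
    host = parts.hostname
    if not host:
        return False, "missing host"
    if parts.port is not None and parts.port not in ALLOWED_PORTS:
        return False, "port %d not allowed" % parts.port
    try:
        if resolver is not None:
            addrs = resolver(host)
        else:
            addrs = [info[4][0] for info in socket.getaddrinfo(host, None)]
    except (socket.gaierror, OSError) as exc:
        return False, "cannot resolve %r: %s" % (host, exc)
    if not addrs:
        return False, "no addresses for %r" % host
    for addr in addrs:
        if not _is_public_ip(addr):
            return False, "destination %s is not a public address" % addr
    return True, "ok"
```

Resolving the name here and then letting the HTTP client resolve it again leaves a rebinding window; connecting to the validated address (with the Host header set separately) closes it.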
Changed in ossn: assignee: nobody → Luke Hinds (lhinds)
Changed in ossn: assignee: Luke Hinds (lhinds) → Travis McPeak (travis-mcpeak)
Changed in ossn: assignee: Travis McPeak (travis-mcpeak) → nobody
Changed in ossn: assignee: nobody → Luke Hinds (lhinds)
Changed in ossn: status: New → In Progress
Changed in ossn: status: In Progress → Fix Released
Changed in ossn: description: updated
Changed in glance: status: New → Won't Fix
Since this report concerns a possible security risk, an incomplete security advisory task has been added while the core security reviewers for the affected project or projects confirm the bug and discuss the scope of any vulnerability along with potential solutions.