2016-07-26 09:33:07 |
Tom Patzig |
bug |
|
|
added bug |
2016-07-26 10:36:38 |
Morgan Fainberg |
description |
copy_from allows creating Images with a URL like http://localhost:22
The remote content gets copied unverified into the defined glance store.
E.g. after downloading the image with copy_from URL http://localhost:22, you see the OpenSSH banner.
This is a security issue, as it allows users to do network "scans" for open ports and it copies remote (potentially malicious) content unverified to your configured glance store.
Glance API v1 is still the default in Horizon. |
This issue is being treated as a potential security risk under embargo. Please do not make any public mention of embargoed (private) security vulnerabilities before their coordinated publication by the OpenStack Vulnerability Management Team in the form of an official OpenStack Security Advisory. This includes discussion of the bug or associated fixes in public forums such as mailing lists, code review systems and bug trackers. Please also avoid private disclosure to other individuals not already approved for access to this information, and provide this same reminder to those who are made aware of the issue prior to publication. All discussion should remain confined to this private bug report, and any proposed fixes should be added to the bug as attachments.
copy_from allows creating Images with a URL like http://localhost:22
The remote content gets copied unverified into the defined glance store.
E.g. after downloading the image with copy_from URL http://localhost:22, you see the OpenSSH banner.
This is a security issue, as it allows users to do network "scans" for open ports and it copies remote (potentially malicious) content unverified to your configured glance store.
Glance API v1 is still the default in Horizon. |
|
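The description above reports a server-side request forgery: the copy_from URL is fetched by the Glance node with no restriction on scheme, port or destination address. The following Python is an added example of the kind of allow-list check a deployer can put in front of such a fetch; it is not Glance's own code, and `validate_copy_from`, `fake_resolve` and the `CONSTRUCTED_DNS` table are assumptions constructed here so the check runs offline (the constructed "public" address 11.22.33.44 is a placeholder, not a real mirror).

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Only plain http/https on their default ports: a copy_from URL naming :22 is refused.
ALLOWED_SCHEMES = {"http": 80, "https": 443}

def is_public(ip):
    # Globally routable unicast only: no loopback, RFC 1918, link-local (169.254/16), etc.
    return not (ip.is_loopback or ip.is_private or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)

def validate_copy_from(url, resolve=socket.getaddrinfo):
    """Return (ok, reason) for a user-supplied copy_from URL; every address the
    host resolves to must be public. The fetcher should connect to the addresses
    checked here rather than re-resolve the name, or a changed DNS answer wins."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, "scheme %r not allowed" % scheme
    if not parts.hostname:
        return False, "missing host"
    try:
        port = parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        return False, "malformed port"
    if port not in (None, ALLOWED_SCHEMES[scheme]):
        return False, "port %d not allowed for %s" % (port, scheme)
    try:
        infos = resolve(parts.hostname, ALLOWED_SCHEMES[scheme], proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return False, "cannot resolve %r" % parts.hostname
    for info in infos:
        ip = ipaddress.ip_address(info[4][0])
        if not is_public(ip):
            return False, "%s resolves to non-public %s" % (parts.hostname, ip)
    return True, "ok"

# Constructed name table standing in for DNS so the example runs offline.
CONSTRUCTED_DNS = {"localhost": "127.0.0.1", "metadata.internal": "169.254.169.254",
                   "mirror.example.org": "11.22.33.44"}

def fake_resolve(host, port, proto=None):
    # getaddrinfo-shaped lookup: IP literals pass through, names hit the table above.
    try:
        addr = str(ipaddress.ip_address(host))
    except ValueError:
        addr = CONSTRUCTED_DNS.get(host)
        if addr is None:
            raise socket.gaierror("constructed: no such host %r" % host)
    return [(socket.AF_INET, socket.SOCK_STREAM, proto, "", (addr, port))]
```

With the real resolver (the default argument) the same function can be called as `validate_copy_from(url)`; the port check alone already stops the http://localhost:22 case from the report before any connection is attempted.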
2016-07-26 10:36:50 |
Morgan Fainberg |
bug task added |
|
ossa |
|
2016-07-26 10:37:04 |
Morgan Fainberg |
ossa: status |
New |
Incomplete |
|
2016-07-26 10:37:26 |
Morgan Fainberg |
bug |
|
|
added subscriber Glance Core security contacts |
2016-07-26 14:23:28 |
Nikhil Komawar |
bug |
|
|
added subscriber Hemanth Makkapati |
2016-07-26 14:23:38 |
Nikhil Komawar |
bug |
|
|
added subscriber Brian Rosmaita |
2016-07-26 14:23:50 |
Nikhil Komawar |
bug |
|
|
added subscriber Kairat Kushaev |
2016-07-26 14:24:17 |
Nikhil Komawar |
bug |
|
|
added subscriber Flavio Percoco |
2016-09-01 02:15:23 |
Tristan Cacqueray |
ossa: status |
Incomplete |
Opinion |
|
2016-09-01 02:15:38 |
Tristan Cacqueray |
bug |
|
|
added subscriber OSSG CoreSec |
2016-09-01 16:25:42 |
Travis McPeak |
bug task added |
|
ossn |
|
2016-09-01 17:39:08 |
Luke Hinds |
ossn: assignee |
|
Luke Hinds (lhinds) |
|
2016-09-29 17:15:53 |
Luke Hinds |
ossn: assignee |
Luke Hinds (lhinds) |
Travis McPeak (travis-mcpeak) |
|
2016-10-27 09:53:36 |
Brian Rosmaita |
removed subscriber Flavio Percoco |
|
|
|
2016-10-27 09:53:36 |
Brian Rosmaita |
removed subscriber Kairat Kushaev |
|
|
|
2017-01-26 19:49:39 |
Jeremy Stanley |
information type |
Private Security |
Public |
|
2017-01-26 19:49:51 |
Jeremy Stanley |
tags |
|
security |
|
2017-02-09 17:07:16 |
Robert Clark |
ossn: assignee |
Travis McPeak (travis-mcpeak) |
|
|
2017-02-09 23:08:10 |
Bryan Stephenson |
bug |
|
|
added subscriber Bryan Stephenson |
2017-02-15 22:49:18 |
Luke Hinds |
ossn: assignee |
|
Luke Hinds (lhinds) |
|
2017-03-09 10:53:07 |
Luke Hinds |
ossn: status |
New |
In Progress |
|
2017-03-16 10:39:01 |
Luke Hinds |
ossn: status |
In Progress |
Fix Released |
|
2017-09-25 18:17:04 |
Tristan Cacqueray |
description |
This issue is being treated as a potential security risk under embargo. Please do not make any public mention of embargoed (private) security vulnerabilities before their coordinated publication by the OpenStack Vulnerability Management Team in the form of an official OpenStack Security Advisory. This includes discussion of the bug or associated fixes in public forums such as mailing lists, code review systems and bug trackers. Please also avoid private disclosure to other individuals not already approved for access to this information, and provide this same reminder to those who are made aware of the issue prior to publication. All discussion should remain confined to this private bug report, and any proposed fixes should be added to the bug as attachments.
copy_from allows creating Images with a URL like http://localhost:22
The remote content gets copied unverified into the defined glance store.
E.g. after downloading the image with copy_from URL http://localhost:22, you see the OpenSSH banner.
This is a security issue, as it allows users to do network "scans" for open ports and it copies remote (potentially malicious) content unverified to your configured glance store.
Glance API v1 is still the default in Horizon. |
copy_from allows creating Images with a URL like http://localhost:22
The remote content gets copied unverified into the defined glance store.
E.g. after downloading the image with copy_from URL http://localhost:22, you see the OpenSSH banner.
This is a security issue, as it allows users to do network "scans" for open ports and it copies remote (potentially malicious) content unverified to your configured glance store.
Glance API v1 is still the default in Horizon. |
|
2018-01-31 20:23:28 |
Brian Rosmaita |
glance: status |
New |
Won't Fix |
|