Insecure temp file usage in vanilla plugin
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Security Advisory | Invalid | Undecided | Unassigned | |
Sahara | Fix Released | Critical | Andrew Lazarev | |
Bug Description
On this line: https:/
Since this file is not created with secure permissions, any user can read the contents or tamper with it. If the file is tampered with, an attacker can run arbitrary commands on the database, including any SQL queries. These queries might compromise confidentiality, or destroy data (integrity).
Secure files should be created securely, and any time files are created, they should have the most restrictive permissions possible set on them.
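The difference between a file created with default permissions and one created with owner-only permissions, as an added example (not Sahara's code or its fix). The file name, the SQL text and the helper names `write_private_script`, `check_before_use` and `demo` are assumptions made for illustration, and the code assumes a POSIX system.

```python
import os
import shutil
import stat
import tempfile

SAMPLE_SQL = "CREATE DATABASE example_db;\n"  # constructed sample content


def write_private_script(sql_text, directory=None):
    """Write sql_text to a new temp file that only the owner can access."""
    # mkstemp opens with O_CREAT | O_EXCL and mode 0600: a file or symlink
    # already sitting at a candidate name is never opened or reused.
    fd, path = tempfile.mkstemp(prefix="script-", suffix=".sql", dir=directory)
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(sql_text)
    except Exception:
        os.unlink(path)
        raise
    return path


def check_before_use(path):
    """Return the reasons this file should not be fed to a database client."""
    problems = []
    info = os.lstat(path)  # lstat so a symlink is reported, not followed
    if not stat.S_ISREG(info.st_mode):
        problems.append("not a regular file")
    if info.st_uid != os.geteuid():
        problems.append("owned by another user")
    if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("group/other access: %o" % stat.S_IMODE(info.st_mode))
    return problems


def demo():
    """Compare a default-mode file with one made by write_private_script."""
    workdir = tempfile.mkdtemp()
    old_umask = os.umask(0o022)  # a common default umask, set for repeatability
    try:
        weak = os.path.join(workdir, "create_db.sql")  # hypothetical name
        with open(weak, "w") as handle:
            handle.write(SAMPLE_SQL)
        strong = write_private_script(SAMPLE_SQL, workdir)
        return check_before_use(weak), check_before_use(strong)
    finally:
        os.umask(old_umask)
        shutil.rmtree(workdir)
```

`demo()` returns the findings for the default-mode file first and for the owner-only file second.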
Changed in sahara:
milestone: none → kilo-1
status: New → Confirmed
Changed in sahara:
milestone: kilo-1 → juno-rc1
Changed in ossa:
status: Incomplete → Invalid
information type: Private Security → Public Security
Changed in sahara:
assignee: nobody → Andrew Lazarev (alazarev)
Changed in sahara:
status: Fix Committed → Fix Released
Changed in sahara:
milestone: juno-rc1 → 2014.2
OSSA?