memcached on under/over clouds can be walked for tokens
Bug #1738835 reported by Derek Higgins
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
tripleo | Fix Released | High | Derek Higgins | |
Bug Description
memcached in various versions of tripleo contains keystone auth tokens which can be retrieved by a host on the same network.
Memcached in tripleo is running in such a way as to allow users to walk and read the contents. As memcached contains keystone tokens, a user with access to the service (e.g. on the management network) can read those tokens.
Changed in tripleo:
importance: Undecided → High
milestone: none → queens-rc1
tags: added: pike-backport-potential
information type: Public → Public Security
Changed in tripleo:
milestone: queens-rc1 → rocky-1
Changed in tripleo:
milestone: rocky-1 → rocky-2
Changed in tripleo:
milestone: rocky-2 → rocky-3
Changed in tripleo:
milestone: rocky-3 → rocky-rc1
Changed in tripleo:
milestone: rocky-rc1 → stein-1
Changed in tripleo:
milestone: stein-1 → stein-2
Changed in tripleo:
milestone: stein-2 → stein-3
Changed in tripleo:
status: In Progress → Won't Fix
status: Won't Fix → Fix Released
After discussing with various stakeholders, as this requires access to trusted networks we're happy that this doesn't require an embargo. So I propose making it public and fixing in the open.