Comment 13 for bug 1664931

Tristan Cacqueray (tristan-cacqueray) wrote : Re: nova rebuild ignores all image properties and scheduler filters

Thanks for the review, here is the updated impact description draft:

Title: Nova Filter Scheduler bypass through rebuild action
Reporter: George Shuklin (servers.com)
Products: Nova
Affects: >=13.0.0 <=13.1.3, >=14.0.0 <=14.0.4, >=15.0.0 <=15.0.1

George Shuklin from servers.com reported a vulnerability in Nova. By rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler, bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected.

I'm still on the fence about keeping this under embargo if the filter scheduler isn't a common use-case; should we subscribe ossg-coresec to weigh in on this (as explained here: https://security.openstack.org/vmt-process.html#embargo-exceptions)?

Otherwise we need coresec review on the proposed patch in comment #7 and backport to mitaka, newton and ocata, in particular since the patch doesn't apply cleanly on mitaka.