yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1717121] [NEW] Security group Inbound rule allows ip addresses with /0 option.

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Nilesh <nilesh892003@xxxxxxxxx>
Date: Wed, 13 Sep 2017 23:49:10 -0000
Reply-to: Bug 1717121 <1717121@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Under security groups, when we try to add a new inbound rule using CIDR
it doesn`t validate the input.

example.

0.0.0.0/0 is a rule that will open inbound access to internet. but at
the same time if there is a valid ip e.g. 172.155.0.0/0 then "0" bit
match should not be allowed.


This UI validation is the part of AWS. so even if someone by mistake types the /0 with valid ip address it will make the rule to open the inbound to entire internet.

** Affects: horizon
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1717121

Title:
  Security group Inbound rule allows ip addresses with /0 option.

Status in OpenStack Dashboard (Horizon):
  New

Bug description:
  Under security groups, when we try to add a new inbound rule using
  CIDR it doesn`t validate the input.

  example.

  0.0.0.0/0 is a rule that will open inbound access to internet. but at
  the same time if there is a valid ip e.g. 172.155.0.0/0 then "0" bit
  match should not be allowed.

  
  This UI validation is the part of AWS. so even if someone by mistake types the /0 with valid ip address it will make the rule to open the inbound to entire internet.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1717121/+subscriptions

Follow ups

[Bug 1717121] Re: Security group Inbound rule allows ip addresses with /0 option.
From: Gary W. Smith, 2017-09-25