yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1606495] Re: copy_from in api v1 allows network port scan

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Brian Rosmaita <rosmaita.fossdev@xxxxxxxxx>
Date: Wed, 31 Jan 2018 20:23:28 -0000
Reply-to: Bug 1606495 <1606495@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: glance
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1606495

Title:
  copy_from in api v1 allows network port scan

Status in Glance:
  Won't Fix
Status in OpenStack Security Advisory:
  Opinion
Status in OpenStack Security Notes:
  Fix Released

Bug description:
  copy_from allows to create Images with an url like http://localhost:22
  The remote content gets copied unverified in the defined glance store.

  E.g. after downloading the image with copy_from url
  http://localhost:22, you see the OpenSSH banner.

  This is a security issue, as it allows users to do network "scans" for
  open ports and it copies remote (potentially malicious) content
  unverified to your configured glance store.

  glance api v1 is still the default in horizon.

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1606495/+subscriptions