yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1787943] Re: Internal endpoint address revealed in a cookie

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Radomir Dopieralski <1787943@xxxxxxxxxxxxxxxxxx>
Date: Tue, 21 Aug 2018 11:52:12 -0000
Reply-to: Bug 1787943 <1787943@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Also affects: horizon
   Importance: Undecided
       Status: New

** Changed in: horizon
     Assignee: (unassigned) => Radomir Dopieralski (deshipu)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1787943

Title:
  Internal endpoint address revealed in a cookie

Status in django-openstack-auth:
  New
Status in OpenStack Dashboard (Horizon):
  New

Bug description:
  When the user logs in, django-openstack-auth sets a "login_region" key
  in the cookie to the value of the internal Keystone address. This is a
  potential security problem, as information about the internal
  addresses is leaked to the outside.

To manage notifications about this bug go to:
https://bugs.launchpad.net/django-openstack-auth/+bug/1787943/+subscriptions