yahoo-eng-team team mailing list archive

[Bug 1931558] Re: LFI vulnerability in "Create Workbook"


The fix is still partial.

Mistral team, can you take care of the progress of the fix?
I am a horizon-coresec and horizon-stable-maint but have no power to move this forward.

The following is my understanding. Hope it helps you track the progress.

- master branch
-- A preparation added in python-mistralclient has landed.
-- A new release of python-mistralclient is required so that mistral-dashboard can consume it.
-- A fix in mistral-dashboard should land.
- stable branches
-- The changes in both mistral-dashboard and python-mistralclient should be backported to all maintained branches.
-- I don't know which branches are affected.

** Also affects: mistral
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1931558

Title:
  LFI vulnerability in "Create Workbook"

Status in OpenStack Dashboard (Horizon):
  Invalid
Status in Mistral:
  New
Status in OpenStack Security Advisory:
  Won't Fix
Status in python-mistralclient:
  New

Bug description:
  Hello,
  I've found a Local File Inclusion (LFI) vulnerability in creating a workbook on OpenStack Dashboard.
  This vulnerability allows an attacker to read sensitive files on the server such as /etc/passwd, config files, etc. Tested version: Victoria Horizon 18.6.3
  I did not have an opportunity to test the other versions, but I think those versions are also vulnerable.

  Steps to reproduce:
  1. Create a text file datnt78.txt with the content: "/etc/passwd"
  2. Select Workflow -> Workbooks -> Create Workbook
  3. In "Definition Source" select "File", browse to the datnt78.txt file, then click Validate and you get the /etc/passwd content.

  This is the request: http://paste.openstack.org/show/806520/
  This is the response: http://paste.openstack.org/show/806521/
  Please find the sample file and POC image in the attachment.

  Thank you,
  DatNT78 at FTEL CSOC
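The reproduction steps above imply that the uploaded definition is being interpreted server-side as a local file path. The following is an added illustration, not code from Mistral, python-mistralclient, mistral-dashboard or the bug report: the mechanism and the function names are assumptions, and the vulnerable resolver is shown beside the hardened one, exercised against a constructed file in a temporary directory rather than against a real system file.

```python
import os
import tempfile

# Constructed sample upload: a legitimate workbook definition is YAML text.
UPLOADED_YAML = (
    "version: '2.0'\nname: demo\nworkflows:\n  wf1:\n    tasks:\n"
    "      t1:\n        action: std.noop\n"
)


def resolve_definition_vulnerable(uploaded_text: str) -> str:
    """Assumed pattern behind the reported LFI (hypothetical, not the project's
    code): if the uploaded text names a file that exists on the dashboard
    host, that file is opened and its contents are returned as the
    'definition'. An upload whose only content is a path therefore leaks it."""
    candidate = uploaded_text.strip()
    if os.path.isfile(candidate):
        with open(candidate, encoding="utf-8", errors="replace") as fh:
            return fh.read()
    return uploaded_text


def resolve_definition_fixed(uploaded_text: str) -> str:
    """Hardened behaviour: anything received from the browser is data, never
    a path to resolve locally. A bare path string is passed through unchanged
    and fails ordinary YAML/workbook validation instead of being read."""
    return uploaded_text


def demo() -> dict:
    """Run both resolvers against a constructed secret file so the example is
    self-contained; returns what each resolver would hand to validation."""
    with tempfile.TemporaryDirectory() as tmp:
        secret_path = os.path.join(tmp, "secret.conf")
        with open(secret_path, "w", encoding="utf-8") as fh:
            fh.write("db_password = constructed-secret\n")
        return {
            "vulnerable": resolve_definition_vulnerable(secret_path),
            "fixed": resolve_definition_fixed(secret_path),
            "yaml_passthrough": resolve_definition_fixed(UPLOADED_YAML),
        }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The defensive point is that the client library's convenience of accepting either a path or inline content must be disabled for anything that arrives over HTTP, which is what the preparation in python-mistralclient and the pending mistral-dashboard change are about.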

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1931558/+subscriptions