yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1492140] Fix included in openstack/nova queens-eol

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1492140@xxxxxxxxxxxxxxxxxx>
Date: Fri, 11 Nov 2022 18:12:22 -0000
Reply-to: Bug 1492140 <1492140@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

This issue was fixed in the openstack/nova queens-eol  release.

** Changed in: nova/queens
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1492140

Title:
  [OSSA-2020-001] Nova can leak consoleauth token into log files
  (CVE-2015-9543)

Status in OpenStack Compute (nova):
  Fix Released
Status in OpenStack Compute (nova) pike series:
  Fix Released
Status in OpenStack Compute (nova) queens series:
  Fix Released
Status in OpenStack Compute (nova) rocky series:
  Fix Committed
Status in OpenStack Compute (nova) stein series:
  Fix Released
Status in OpenStack Compute (nova) train series:
  Fix Released
Status in oslo.utils:
  Fix Released
Status in OpenStack Security Advisory:
  Fix Released

Bug description:
  when instance console is accessed auth token is displayed nova-
  consoleauth.log

  nova-consoleauth.log:874:2015-09-02 14:20:36 29941 INFO nova.consoleauth.manager [req-6bc7c116-5681-43ee-828d-4b8ff9d566d0 fe3cd6b7b56f44c9a0d3f5f2546ad4db 37b377441b174b8ba2deda6a6221e399] Received Token: f8ea537c-b924-4d92-935e-4c22ec90d5f7, {'instance_uuid': u'dd29a899-0076-4978-aa50-8fb752f0c3ed', 'access_url': u'http://192.168.245.9:6080/vnc_auto.html?token=f8ea537c-b924-4d92-935e-4c22ec90d5f7', 'token': u'f8ea537c-b924-4d92-935e-4c22ec90d5f7', 'last_activity_at': 1441203636.387588, 'internal_access_path': None, 'console_type': u'novnc', 'host': u'192.168.245.6', 'port': u'5900'}
  nova-consoleauth.log:881:2015-09-02 14:20:52 29941 INFO nova.consoleauth.manager [req-a29ab7d8-ab26-4ef2-b942-9bb02d5703a0 None None] Checking Token: f8ea537c-b924-4d92-935e-4c22ec90d5f7, True

  and

  nova-novncproxy.log:30:2015-09-02 14:20:52 31927 INFO
  nova.console.websocketproxy [req-a29ab7d8-ab26-4ef2-b942-9bb02d5703a0
  None None]   3: connect info: {u'instance_uuid':
  u'dd29a899-0076-4978-aa50-8fb752f0c3ed', u'internal_access_path':
  None, u'last_activity_at': 1441203636.387588, u'console_type':
  u'novnc', u'host': u'192.168.245.6', u'token':
  u'f8ea537c-b924-4d92-935e-4c22ec90d5f7', u'access_url':
  u'http://192.168.245.9:6080/vnc_auto.html?token=f8ea537c-b924-4d92-935e-4c22ec90d5f7',
  u'port': u'5900'}

  This token has a short lifetime but the exposure still represents a
  potential security weakness, especially as the log record in question
  are INFO level and thus available via centralized logging. A user with
  real time access to these records could mount a denial of service
  attack by accessing the instance console and performing a ctl alt del
  to reboot it

  Alternatively data privacy could be compromised if the attacker were
  able to obtain user credentials

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1492140/+subscriptions