Bug 1193638 (CVE-2015-0271)

Summary: CVE-2015-0271 OpenStack dashboard: log file arbitrary file retrieval
Product: [Other] Security Response Reporter: Kurt Seifried <kseifried>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: abaron, aortega, apevec, ayoung, chrisw, dallan, dvarga, gkotton, gmollett, kroberts, lhh, lpeer, markmc, rbryant, sclewis, security-response-team, vkaigoro, yeylon
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
It was found that the local log-viewing function of the redhat-access-plugin for OpenStack Dashboard (horizon) did not sanitize user input. An authenticated user could use this flaw to read an arbitrary file with the permissions of the web server.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2015-04-17 07:40:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1193739, 1193740, 1193741    
Bug Blocks: 1193492, 1193641    

Description Kurt Seifried 2015-02-17 19:13:37 UTC 
Sara Perez Merino of SensePost reports:

In the file logs/views.py the logs() call fails to sanitize the path taken when
displaying a file requested by a remote client, allowing any readable file on 
the system to be viewed.
Comment 6 Garth Mollett 2015-02-18 03:04:46 UTC 
Acknowledgements:

Red Hat would like to thank Sara Perez Merino of SensePost for reporting this issue.
Comment 10 Garth Mollett 2015-02-18 18:54:22 UTC 
*** Bug 1193491 has been marked as a duplicate of this bug. ***
Comment 12 errata-xmlrpc 2015-03-05 19:30:22 UTC 
This issue has been addressed in the following products:

  OpenStack 6 for RHEL 7

Via RHSA-2015:0645 https://rhn.redhat.com/errata/RHSA-2015-0645.html
Comment 13 errata-xmlrpc 2015-04-16 13:57:18 UTC 
This issue has been addressed in the following products:

  OpenStack 5 for RHEL 6

Via RHSA-2015:0841 https://rhn.redhat.com/errata/RHSA-2015-0841.html
Comment 14 errata-xmlrpc 2015-04-16 13:57:57 UTC 
This issue has been addressed in the following products:

  OpenStack 5 for RHEL 7

Via RHSA-2015:0840 https://rhn.redhat.com/errata/RHSA-2015-0840.html