Bug 1434244 (CVE-2017-7200)
Summary: | CVE-2017-7200 openstack-glance: API v1 copy_from reveals network details | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Summer Long <slong> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | aortega, apevec, ayoung, chrisw, cvsbot-xmlrpc, cyril, eglynn, ekuvaja, fpercoco, jjoyce, jschluet, kbasil, lhh, lpeer, markmc, rbryant, sclewis, srevivo, tdecacqu |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
The copy_from feature in Image Service API v1 allows an attacker to perform masked network port scans. It is possible to create images with a URL such as 'http://localhost:22'. This could allow an attacker to enumerate internal network details while appearing masked, because the scan appears to originate from the Image Service. This is classified as a Server-Side Request Forgery (SSRF). Note: Some knowledge of the internal network might be necessary to exploit this flaw internally (apart from localhost).
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2017-05-08 03:45:01 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1436509, 1436510, 1436511, 1436512 | ||
Bug Blocks: | 1432713 |
Description
Summer Long
2017-03-21 05:31:24 UTC
External References: https://wiki.openstack.org/wiki/OSSN/OSSN-0078 https://bugs.launchpad.net/ossn/+bug/1606495 https://bugs.launchpad.net/ossn/+bug/1153614 Statement: Because the Image Service APIv1 was deprecated in Newton and because a workaround is possible, no fix is being made available. For impacted products and the recommended mitigation, see the Knowledge Base article for this issue: https://access.redhat.com/security/vulnerabilities/2999581 |