Public bug reported:

Example url: https://<horizon>/api/keystone/svc-catalog/

Different application responses contain resource links which disclose
internal IP addresses. Threat actors could learn valuable information
and plan further attacks on disclosed systems. Horizon should avoid
including internal IP addresses in application responses.

** Affects: horizon
     Importance: Undecided
     Assignee: Oleksiy Petrenko (enacero)
         Status: In Progress

** Changed in: horizon
     Assignee: (unassigned) => Oleksiy Petrenko (enacero)

** Changed in: horizon
       Status: New => In Progress

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1798832

Title:
  Horizon exposes internal IP addresses via keystone/svc-catalog API

Status in OpenStack Dashboard (Horizon):
  In Progress

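An operator-side check for the exposure reported above, added here as an example; it is not code from the bug report or from Horizon. It assumes the svc-catalog response follows the Keystone v3 catalog layout (a list of services, each with an "endpoints" list carrying "interface" and "url"). The sample catalog, host names and function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample in the assumed Keystone v3 catalog layout.
SAMPLE_CATALOG = [
    {"type": "compute", "name": "nova", "endpoints": [
        {"interface": "public", "url": "https://cloud.example.com:8774/v2.1"},
        {"interface": "internal", "url": "http://10.0.0.11:8774/v2.1"},
        {"interface": "admin", "url": "http://10.0.0.11:8774/v2.1"},
    ]},
    {"type": "image", "name": "glance", "endpoints": [
        {"interface": "public", "url": "http://192.168.24.5:9292"},
    ]},
]


def is_internal_host(url):
    """True if the URL's host is a literal private, loopback or link-local IP."""
    host = urlsplit(url).hostname
    try:
        ip = ipaddress.ip_address(host or "")
    except ValueError:
        return False  # a DNS name; resolving it is out of scope here
    return ip.is_private or ip.is_loopback or ip.is_link_local


def audit_catalog(catalog):
    """Return (service type, interface, url) for each endpoint a browser user should not see."""
    findings = []
    for service in catalog:
        for ep in service.get("endpoints", []):
            if ep.get("interface") != "public" or is_internal_host(ep.get("url", "")):
                findings.append((service.get("type"), ep.get("interface"), ep.get("url")))
    return findings


def public_only(catalog):
    """Copy of the catalog keeping only public-interface endpoints."""
    return [
        {**svc, "endpoints": [e for e in svc.get("endpoints", []) if e.get("interface") == "public"]}
        for svc in catalog
    ]


if __name__ == "__main__":
    for finding in audit_catalog(SAMPLE_CATALOG):
        print("exposed:", *finding)
```

Running audit_catalog on the output of public_only still reports the glance endpoint, because filtering by interface does not help when a public endpoint is itself registered with an internal address.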