Reviewed:  https://review.openstack.org/611819
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=31718cd1afe9bf115dbe09b0d232a5d9ae13ae61
Submitter: Zuul
Branch:    master

commit 31718cd1afe9bf115dbe09b0d232a5d9ae13ae61
Author: Alex Petrenko <[email protected]>
Date:   Fri Oct 19 12:10:38 2018 +0300

    Refactor app response for api request '/api/keystone/svc-catalog'

    Add filtration for service catalog.
    Now all endpoints that are not public will not be seen.

    Change-Id: I6db214f849d13c4c71e176f00113e889ff2d2997
    Closes-Bug: #1798832

** Changed in: horizon
       Status: In Progress => Fix Released

https://bugs.launchpad.net/bugs/1798832

Title:
  Horizon exposes internal IP addresses via keystone/svc-catalog API

Status in OpenStack Dashboard (Horizon):
  Fix Released

Bug description:
  Example url:
  https://<horizon>/api/keystone/svc-catalog/

  Different application responses contain resource links which disclose
  internal IP addresses. Threat actors could learn valuable information
  and plan further attacks on disclosed systems.

  Horizon should avoid including internal IP addresses in application
  responses.

