[Openstack-security] [Bug 1175193] Re: Instance actions history is unbounded
Thierry Carrez
thierry.carrez+lp at gmail.com
Thu May 9 09:03:02 UTC 2013
Awesome, thx Kurt! I definitely agree that it's a grey area... and that
if it were wildly asymmetric or unauthenticated this would be much more
"exploitable".
** Changed in: nova
Importance: Undecided => High
** Changed in: nova
Status: New => Confirmed
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1175193
Title:
Instance actions history is unbounded
Status in OpenStack Compute (Nova):
Confirmed
Bug description:
Grizzly included a new feature to keep a history of actions performed
on an instance. The history kept in the database is unbounded. As a
result, a malicious user could perform actions in a loop and cause the
database to grow without bounds. Some of the quicker actions that
could be used to exploit this are pause, unpause, or change password.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1175193/+subscriptions
More information about the Openstack-security
mailing list