[Openstack-security] [Bug 1370295] Re: Possible SQL Injection vulnerability in hyperv volumeutils2
Sean Dague
sean at dague.net
Wed Dec 10 22:28:59 UTC 2014
The patch is stalled. And honestly WQL is not really exposed in a
substantial way here.
** Tags added: hyperv
** Changed in: nova
Status: In Progress => Opinion
** Changed in: nova
Importance: Undecided => Wishlist
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1370295
Title:
Possible SQL Injection vulnerability in hyperv volumeutils2
Status in OpenStack Compute (Nova):
Opinion
Status in OpenStack Security Advisories:
Won't Fix
Bug description:
This line:
https://github.com/openstack/nova/blob/master/nova/virt/hyperv/volumeutilsv2.py#L54
makes a raw SQL query using input from target_address and target_port.
If an attacker is able to manipulate either of these parameters, they
can exploit a SQL injection vulnerability.
If neither of these parameters can be controlled by an attacker, it's
probably OK to fix this in public. These should definitely at least
be strengthened by using prepared statements, or even better, a secure
SQL library such as sqlalchemy.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1370295/+subscriptions
More information about the Openstack-security
mailing list