[Openstack-security] [Bug 1749326] [NEW] Exploitable services exposed on community test nodes

Jeremy Stanley fungi at yuggoth.org
Wed Feb 14 00:46:21 UTC 2018


Public bug reported:

One of the donor service providers for the upstream OpenStack
Infrastructure CI pool has notified us that their security team's
periodic vulnerability scans have been identifying systems at random
within our environment as running open memcached servers. Job
correlation from these reports indicates each was running one of the
following:

kolla-ansible-oraclelinux-binary
kolla-ansible-oraclelinux-source
kolla-ansible-oraclelinux-source-ceph

Please adjust the configuration of your job framework to prevent these
services from being exposed to the Internet (through iptables ingress
filters, service ACLs, configuring them to not listen on globally-
routable interfaces, whatever works). Thanks!

** Affects: kolla-ansible
     Importance: Undecided
         Status: New


** Tags: security

** Tags added: security

-- 
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1749326

Title:
  Exploitable services exposed on community test nodes

Status in kolla-ansible:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/kolla-ansible/+bug/1749326/+subscriptions
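
An added example, not part of the original bug report or of kolla-ansible's own code: a check a job could run to confirm that memcached is not bound to a wildcard or globally routable address, which is what the report asks for. The `ss` output is a constructed sample, the function names are hypothetical, and port 11211 (memcached's default) is an assumption about the job's configuration.

```python
import ipaddress

MEMCACHED_PORT = 11211  # memcached's default port (assumed unchanged in the job)

# Constructed sample of `ss -H -ltun` output, not taken from a real test node.
SAMPLE_SS = """\
udp UNCONN 0 0   0.0.0.0:11211     0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:11211   0.0.0.0:*
tcp LISTEN 0 128 [::]:11211        [::]:*
tcp LISTEN 0 128 10.0.0.5:11211    0.0.0.0:*
tcp LISTEN 0 128 11.22.33.44:11211 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22        0.0.0.0:*
"""

def split_local(field):
    """Split ss's 'addr:port' field; IPv6 is bracketed, scope ids follow '%'."""
    addr, _, port = field.rpartition(":")
    return addr.split("%")[0].strip("[]"), port

def is_exposed(addr):
    """True if the bind address is a wildcard or a globally routable address."""
    if addr in ("*", "0.0.0.0", "::"):
        return True  # all interfaces, including any public one
    return ipaddress.ip_address(addr).is_global

def exposed_listeners(ss_output, port=MEMCACHED_PORT):
    """Return (proto, addr) for sockets on `port` bound to an exposed address."""
    found = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5:
            continue  # blank or truncated line
        addr, local_port = split_local(cols[4])
        # Header rows never match the port, so they are skipped here too.
        if local_port == str(port) and is_exposed(addr):
            found.append((cols[0], addr))
    return found

if __name__ == "__main__":
    for proto, addr in exposed_listeners(SAMPLE_SS):
        print(f"memcached exposed: {proto} {addr} port {MEMCACHED_PORT}")
```

A job can fail its pre-run step when `exposed_listeners()` returns a non-empty list; loopback and private bind addresses pass, while UDP and TCP wildcard binds are both reported.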



