Open Stack

[stack at devstack devstack]$ ip addr | grep ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 192.168.199.151/24 brd 192.168.199.255 scope global noprefixroute ens33

[root at devstack nova]# git log
commit d2bf17eaf4c66fc7ffec671e0d2d7ed2b4dde87c
Merge: dd12b3b 0461921
Author: Zuul <zuul at review.opendev.org>
Date:   Thu Dec 5 01:24:30 2019 +0000

    Merge "Cache security group driver"

commit dd12b3b407ea3d5b8cdaf404c43b7d25b2e3927a
Merge: 0a1b604 846fc0a
Author: Zuul <zuul at review.opendev.org>
Date:   Thu Dec 5 00:30:00 2019 +0000


add my ip of my environment is above. and my current branch is at master

shall we close this bug

-- 
You received this bug notification because you are a member of OpenStack
Security SIG, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1563954

Title:
  use_forwarded_for exposes metadata

Status in OpenStack Compute (nova):
  Confirmed
Status in OpenStack Security Advisory:
  Opinion
Status in OpenStack Security Notes:
  Fix Released

Bug description:
  The nova metadata service uses the remote address to determine which
  metadata to retrieve. In order to work behind a proxy there is an
  option use_forwarded_for which will use the X-Forwarded-For header to
  determine the remote IP.

  If this option is set then anyone who can access the metadata port can
  request metadata for any instance if they know the IP.

  The user data is also exposed.

  $ echo 123456 > /tmp/data
  $ openstack server create --image CentOS7 --flavor fedora --user-data /tmp/data test
  <wait>
  $ curl -H 'X-Forwarded-For: 10.0.0.7' http://localhost:8775/latest/user-data/
  123456

  At a minimum this side-effect isn't documented anywhere I could find.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1563954/+subscriptions