[Openstack] Security Breach! Tenant A is seeing the VNC Consoles of Tenant B!

Martinx - ジェームズ thiagocmartinsc at gmail.com
Thu Jan 16 22:07:07 UTC 2014 

I did not filled a bug yet... This was a huge trouble for me, that required
a full OpenStack reinstallation, from scratch.

My old cloud, that have this bug there, is shutdown right now but, it is
intact (with the bug alive), I'm planning to re-open it to some experts
this weekend.

Best,
Thiago




On 16 January 2014 15:37, gustavo panizzo <gfa> <gfa at zumbi.com.ar> wrote:

>  no, user is a regular user in only one of the tenants
> none of the tenants are called admin, all users, tenants and roles are
> stored in ldap in my case
>
>
>
> On 01/16/2014 02:32 PM, Remo Mattei wrote:
>
> Just a quick note, is this user / tenant an admin?
>
>  Ciao
> --
> Remo Mattei
>
>  ------------------------------
> Da: gustavo panizzo  gustavo panizzo  <gfa at zumbi.com.ar>
> Rispondi: gustavo panizzo  gfa at zumbi.com.ar
> Data: January 16, 2014 at 9:19:47
> A: Martinx - ジェームズ thiagocmartinsc at gmail.com
> Oggetto:  Re: [Openstack] Security Breach! Tenant A is seeing the VNC
> Consoles of Tenant B!
>
>  it's happening to us too
>
> did you fill a bug? can you share the bug number?
>
> thanks
>
> On 12/23/2013 07:18 PM, Martinx - ジェームズ wrote:
>
> Okay guys, no problem, I can fill a BUG as I did lots of times before
> using Launchpad but, I am unable to reproduce this problem in a fresh
> installation, so, how to proceed now?!
>
>  I can give full access to my cloud for the experts but, I don't know if
> this is desired or not.
>
>  Tks!
> Thiago
>
>
> On 23 December 2013 19:54, Jay Pipes <jaypipes at gmail.com> wrote:
>
>> On 12/23/2013 04:32 PM, Jeffrey Walton wrote:
>>
>>>  > This security breach is happening right now here and I
>>>  > don't know what can I do to fix it, or what should I type
>>>  > on a BUG at Launchpad...
>>> Ubuntu has made it all but impossible to file bug reports. Their
>>> circular redirects are worse than a telephone menu system that takes you
>>> down a bunch of dead-end paths. Unless you have the URL jotted down in a
>>> notebook....
>>>
>>
>>  It's only impossible if you don't read any directions.
>>
>> https://bugs.launchpad.net/nova/+filebug
>>
>> -jay
>>
>>
>> _______________________________________________
>> Mailing list:
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> Post to     : openstack at lists.openstack.org
>> Unsubscribe :
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>
>
>
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
>
> --
> 1AE0 322E B8F7 4717 BDEA BF1D 44BB 1BA7 9F6C 6333
>
> !DSPAM:1,52d814b3107501772068915!
> _______________________________________________
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack at lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
> !DSPAM:1,52d814b3107501772068915!
>
>
>
> --
> 1AE0 322E B8F7 4717 BDEA BF1D 44BB 1BA7 9F6C 6333
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140116/63649af9/attachment.html>

More information about the Openstack mailing list