** Changed in: horizon
Status: New => In Progress
** Changed in: horizon
Assignee: (unassigned) => Gary W. Smith (gary-w-smith)
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1575913
Title:
Generate and download keypair GET endpoint allows CSRF attacks
Status in OpenStack Dashboard (Horizon):
In Progress
Status in OpenStack Security Advisory:
Won't Fix
Bug description:
Requests to create (and download) nova keypairs are made as GETs. As
such the CSRF token is not sent nor validated on these requests. This
breaks the principle Django's CSRF middleware relies upon which is
that requests with side effects should not cause side effects. I'm
told there was a reason for doing this related to being able to send
the data back to the browser, and that this may not be trivial to fix.
Filing this as a security bug since a malicious site could fool a user
into creating keypairs. The attacker would not gain access to the
contents, so the impact is not as serious as it might seem at first
glance.
See
https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/project/access_and_security/keypairs/views.py#L112
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1575913/+subscriptions