[Openstack] Security Breach! Tenant A is seeing the VNC Consoles of Tenant B!

Jay Pipes jaypipes at gmail.com
Mon Dec 23 22:23:36 UTC 2013


On 12/23/2013 05:18 PM, Martinx - ジェームズ wrote:
> Okay guys, no problem, I can fill a BUG as I did lots of times before
> using Launchpad but, I am unable to reproduce this problem in a fresh
> installation, so, how to proceed now?!

I wasn't yelling at you (or Jeffrey)... was just being a wise-crack. 
Forgive me :)

> I can give full access to my cloud for the experts but, I don't know if
> this is desired or not.

Well, first things first, log the bug and mark it private. That will get 
the attention of the PTL and the security bug list folks.

After that, developers will be assigned to investigate.

Best,
jay

> On 23 December 2013 19:54, Jay Pipes <jaypipes at gmail.com
> <mailto:jaypipes at gmail.com>> wrote:
>
>     On 12/23/2013 04:32 PM, Jeffrey Walton wrote:
>
>           > This security breach is happening right now here and I
>           > don't know what can I do to fix it, or what should I type
>           > on a BUG at Launchpad...
>         Ubuntu has made it all but impossible to file bug reports. Their
>         circular redirects are worse than a telephone menu system that
>         takes you
>         down a bunch of dead-end paths. Unless you have the URL jotted
>         down in a
>         notebook....
>
>
>     It's only impossible if you don't read any directions.
>
>     https://bugs.launchpad.net/__nova/+filebug
>     <https://bugs.launchpad.net/nova/+filebug>
>
>     -jay
>
>
>     _________________________________________________
>     Mailing list:
>     http://lists.openstack.org/__cgi-bin/mailman/listinfo/__openstack
>     <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
>     Post to     : openstack at lists.openstack.org
>     <mailto:openstack at lists.openstack.org>
>     Unsubscribe :
>     http://lists.openstack.org/__cgi-bin/mailman/listinfo/__openstack
>     <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
>
>





More information about the Openstack mailing list