[Openstack] Security Breach! Tenant A is seeing the VNC Consoles of Tenant B!

gustavo panizzo <gfa> gfa at zumbi.com.ar
Thu Jan 16 17:37:01 UTC 2014


no, user is a regular user in only one of the tenants
none of the tenants are called admin, all users, tenants and roles are
stored in ldap in my case


On 01/16/2014 02:32 PM, Remo Mattei wrote:
> Just a quick note, is this user / tenant an admin?
>
> Ciao
> -- 
> Remo Mattei
>
> ------------------------------------------------------------------------
> Da: gustavo panizzo gustavo panizzo <mailto:gfa at zumbi.com.ar>
> Rispondi: gustavo panizzo gfa at zumbi.com.ar <mailto:gfa at zumbi.com.ar>
> Data: January 16, 2014 at 9:19:47
> A: Martinx - ジェームズ thiagocmartinsc at gmail.com
> <mailto:thiagocmartinsc at gmail.com>
> Oggetto: Re: [Openstack] Security Breach! Tenant A is seeing the VNC
> Consoles of Tenant B!
>> it's happening to us too
>>
>> did you fill a bug? can you share the bug number?
>>
>> thanks
>>
>> On 12/23/2013 07:18 PM, Martinx - ジェームズ wrote:
>>> Okay guys, no problem, I can fill a BUG as I did lots of times
>>> before using Launchpad but, I am unable to reproduce this problem in
>>> a fresh installation, so, how to proceed now?!
>>>
>>> I can give full access to my cloud for the experts but, I don't know
>>> if this is desired or not.
>>>
>>> Tks!
>>> Thiago
>>>
>>>
>>> On 23 December 2013 19:54, Jay Pipes <jaypipes at gmail.com
>>> <mailto:jaypipes at gmail.com>> wrote:
>>>
>>>     On 12/23/2013 04:32 PM, Jeffrey Walton wrote:
>>>
>>>          > This security breach is happening right now here and I
>>>          > don't know what can I do to fix it, or what should I type
>>>          > on a BUG at Launchpad...
>>>         Ubuntu has made it all but impossible to file bug reports. Their
>>>         circular redirects are worse than a telephone menu system
>>>         that takes you
>>>         down a bunch of dead-end paths. Unless you have the URL
>>>         jotted down in a
>>>         notebook....
>>>
>>>
>>>     It's only impossible if you don't read any directions.
>>>
>>>     https://bugs.launchpad.net/nova/+filebug
>>>
>>>     -jay
>>>
>>>
>>>     _______________________________________________
>>>     Mailing list:
>>>     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>     Post to     : openstack at lists.openstack.org
>>>     <mailto:openstack at lists.openstack.org>
>>>     Unsubscribe :
>>>     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>> Post to     : openstack at lists.openstack.org
>>> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>
>>
>> --  
>> 1AE0 322E B8F7 4717 BDEA BF1D 44BB 1BA7 9F6C 6333
>> !DSPAM:1,52d814b3107501772068915!
>> _______________________________________________
>> Mailing list:
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> Post to : openstack at lists.openstack.org
>> Unsubscribe :
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>
>>
>> !DSPAM:1,52d814b3107501772068915!


-- 
1AE0 322E B8F7 4717 BDEA BF1D 44BB 1BA7 9F6C 6333

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140116/2dd95ed3/attachment.html>


More information about the Openstack mailing list