Information Disclosure through Error Messages
Bug #1585160 reported by Adam Heczko
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Fuel for OpenStack | Fix Released | High | Alex Schultz | |
6.0.x | Invalid | High | Sergii Rizvan | |
6.1.x | Fix Released | High | Sergii Rizvan | |
7.0.x | Fix Released | High | Sergii Rizvan | |
8.0.x | Fix Released | High | Sergii Rizvan | |
Mitaka | Fix Released | High | Maksim Malchuk | |
Bug Description
Detailed bug description:
Error messages were found on the server which disclosed SQL Code.
Steps to reproduce:
Access Fuel API and enter wrong request. Observe error response.
Expected results:
Short notice on error encountered.
Actual result:
Detailed information with description of SQL fields being evaluated.
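The difference between the "Actual result" and the "Expected results" above, as an added illustration (not Fuel's code and not part of the original report): one handler echoes the database error to the client, the other returns a short notice and keeps the detail in the server log. The `nodes` table, the handler names and the `error_id` field are assumptions made for this sketch.

```python
import json
import logging
import sqlite3
import uuid

log = logging.getLogger("api")  # server-side log; never sent to clients

# Constructed schema for the demo (hypothetical table and column names).
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE nodes (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")


def insert_node(payload):
    # Parameterised insert; a request without "name" violates NOT NULL.
    db.execute("INSERT INTO nodes (name) VALUES (?)", (payload.get("name"),))


def create_node_verbose(payload):
    """The report's 'Actual result': database error text goes to the client."""
    try:
        insert_node(payload)
        return 201, json.dumps({"status": "created"})
    except sqlite3.Error as exc:
        # str(exc) names the table and column the database was evaluating.
        return 400, json.dumps({"message": str(exc)})


def create_node_short(payload):
    """The report's 'Expected results': short notice out, detail in the log."""
    try:
        insert_node(payload)
        return 201, json.dumps({"status": "created"})
    except sqlite3.Error:
        error_id = uuid.uuid4().hex  # correlates the response with the log entry
        log.exception("database error error_id=%s", error_id)
        return 400, json.dumps({"message": "Invalid request", "error_id": error_id})


if __name__ == "__main__":
    bad_request = {}  # constructed malformed request: required field missing
    print(create_node_verbose(bad_request))
    print(create_node_short(bad_request))
```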
Changed in fuel:
assignee: Alex Schultz (alex-schultz) → Georgy Kibardin (gkibardin)
Changed in fuel:
assignee: Georgy Kibardin (gkibardin) → Alex Schultz (alex-schultz)
Changed in fuel:
status: Confirmed → Fix Committed
tags: added: on-verification
tags: removed: on-verification
tags: added: feature-security
tags: added: on-verification
tags: added: on-verification
tags: added: on-verification
tags: added: on-verification
Changed in fuel:
status: Fix Committed → Fix Released
tags: removed: on-verification
Medium priority bugs should be targeted to 10.0 because we passed SCF in 9.0.