Comment 16 for bug 1824442
Revision history for this message
| Archana Kumari (archanaserver) wrote Re: [Bug 1824442] Re: Manila's share networks API exposes privileged network information | #16 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
2eb648a
demo site
(Get the code!)
Hi Vida,
Apologies for taking it so long. I'm currently facing some issues in my
devstack env. I'll fix it up soon and get back on this bug to work on it.
But I want to mention that if this is on your priority list, you
may unassign me for now. I'll be happy to take this(if still not resolved)
or another one later on :)
Thank you.
On Thu, Jun 9, 2022 at 9:31 PM Vida Haririan <email address hidden>
wrote:
> See additional discussions at
>
> https:/
>
> --
> You received this bug notification because you are a bug assignee.
> https:/
>
> Title:
> Manila's share networks API exposes privileged network information
>
> Status in OpenStack Shared File Systems Service (Manila):
> Confirmed
> Status in OpenStack Security Advisory:
> Won't Fix
>
> Bug description:
> When creating share networks from neutron networks, a non-privileged
> project user can gather privileged neutron network information from
> the share networks API.
>
>
> Neutron network:
>
>
> (demo@overcloud) [stack@undercloud-0 ~]$ neutron net-show demo-net
> neutron CLI is deprecated and will be removed in the future. Use
> openstack CLI instead.
> +------
> | Field | Value |
> +------
> | admin_state_up | True |
> | availability_
> | availability_zones | nova |
> | created_at | 2019-04-
> | description | |
> | id | 1e83e04c-
> | ipv4_address_scope | |
> | ipv6_address_scope | |
> | l2_adjacency | True |
> | mtu | 1500 |
> | name | demo-net |
> | port_security_
> | project_id | 65bbd70550c44bd
> | qos_policy_id | |
> | revision_number | 3 |
> | router:external | False |
> | shared | False |
> | status | ACTIVE |
> | subnets | 4a46720e-
> | tags | |
> | tenant_id | 65bbd70550c44bd
> | updated_at | 2019-04-
> +------
>
>
> (demo@overcloud) [stack@undercloud-0 ~]$ neutron subnet-show demo-subnet
> neutron CLI is deprecated and will be removed in the future. Use
> openstack CLI instead.
> +------
> | Field | Value |
> +------
> | allocation_pools | {"start": "172.20.0.2", "end": "172.20.255.254"} |
> | cidr | 172.20.0.0/16 |
> | created_at | 2019-04-
> | description | |
> | dns_nameservers | 10.0.0.1 |
> | enable_dhcp | True |
> | gateway_ip | 172.20.0.1 |
> | host_routes | |
> | id | 4a46720e-
> | ip_version | 4 |
> | ipv6_address_mode | |
> | ipv6_ra_mode | |
> | name | demo-subnet |
> | network_id | 1e83e04c-
> | project_id | 65bbd70550c44bd
> | revision_number | 0 |
> | service_types | |
> | subnetpool_id | |
> | tags | |
> | tenant_id | 65bbd70550c44bd
> | updated_at | 2019-04-
> +------
>
>
>
> Manila share network:
>
>
> (demo@overcloud) [stack@undercloud-0 ~]$ manila share-network-show
> demo-sharenet
> +------
> | Property | Value |
> +------
> | network_type | vlan |
> | name | demo-sharenet |
> | segmentation_id | 1085 |
> | created_at | 2019-04-
> | neutron_subnet_id | 4a46720e-
> | updated_at | 2019-04-
> | mtu | 1500 |
> | gateway | 172.20.0.1 |
> | neutron_net_id | 1e83e04c-
> | ip_version | 4 |
> | cidr | 172.20.0.0/16 |
> | project_id | 65bbd70550c44bd
> | id | 7242d33b-
> | description | None |
> +------
>
> To manage notifications about this bug go to:
> https:/
>
>