Apologies for taking it so long. I'm currently facing some issues in my
devstack env. I'll fix it up soon and get back on this bug to work on it.
But I want to mention that if this is on your priority list, you
may unassign me for now. I'll be happy to take this(if still not resolved)
or another one later on :)
Thank you.
On Thu, Jun 9, 2022 at 9:31 PM Vida Haririan <email address hidden>
wrote:
> See additional discussions at
>
> https://meetings.opendev.org/meetings/manila/2022/manila.2022-06-09-15.00.log.html
>
> --
> You received this bug notification because you are a bug assignee.
> https://bugs.launchpad.net/bugs/1824442
>
> Title:
> Manila's share networks API exposes privileged network information
>
> Status in OpenStack Shared File Systems Service (Manila):
> Confirmed
> Status in OpenStack Security Advisory:
> Won't Fix
>
> Bug description:
> When creating share networks from neutron networks, a non-privileged
> project user can gather privileged neutron network information from
> the share networks API.
>
>
> Neutron network:
>
>
> (demo@overcloud) [stack@undercloud-0 ~]$ neutron net-show demo-net
> neutron CLI is deprecated and will be removed in the future. Use
> openstack CLI instead.
> +-------------------------+--------------------------------------+
> | Field | Value |
> +-------------------------+--------------------------------------+
> | admin_state_up | True |
> | availability_zone_hints | |
> | availability_zones | nova |
> | created_at | 2019-04-11T19:33:11Z |
> | description | |
> | id | 1e83e04c-fb5a-4985-b1a1-eb2044c447c5 |
> | ipv4_address_scope | |
> | ipv6_address_scope | |
> | l2_adjacency | True |
> | mtu | 1500 |
> | name | demo-net |
> | port_security_enabled | True |
> | project_id | 65bbd70550c44bd08e1e37691e5d5c41 |
> | qos_policy_id | |
> | revision_number | 3 |
> | router:external | False |
> | shared | False |
> | status | ACTIVE |
> | subnets | 4a46720e-c889-417b-b27d-1568473a537d |
> | tags | |
> | tenant_id | 65bbd70550c44bd08e1e37691e5d5c41 |
> | updated_at | 2019-04-11T19:33:43Z |
> +-------------------------+--------------------------------------+
>
>
> (demo@overcloud) [stack@undercloud-0 ~]$ neutron subnet-show demo-subnet
> neutron CLI is deprecated and will be removed in the future. Use
> openstack CLI instead.
> +-------------------+--------------------------------------------------+
> | Field | Value |
> +-------------------+--------------------------------------------------+
> | allocation_pools | {"start": "172.20.0.2", "end": "172.20.255.254"} |
> | cidr | 172.20.0.0/16 |
> | created_at | 2019-04-11T19:33:43Z |
> | description | |
> | dns_nameservers | 10.0.0.1 |
> | enable_dhcp | True |
> | gateway_ip | 172.20.0.1 |
> | host_routes | |
> | id | 4a46720e-c889-417b-b27d-1568473a537d |
> | ip_version | 4 |
> | ipv6_address_mode | |
> | ipv6_ra_mode | |
> | name | demo-subnet |
> | network_id | 1e83e04c-fb5a-4985-b1a1-eb2044c447c5 |
> | project_id | 65bbd70550c44bd08e1e37691e5d5c41 |
> | revision_number | 0 |
> | service_types | |
> | subnetpool_id | |
> | tags | |
> | tenant_id | 65bbd70550c44bd08e1e37691e5d5c41 |
> | updated_at | 2019-04-11T19:33:43Z |
> +-------------------+--------------------------------------------------+
>
>
>
> Manila share network:
>
>
> (demo@overcloud) [stack@undercloud-0 ~]$ manila share-network-show
> demo-sharenet
> +-------------------+--------------------------------------+
> | Property | Value |
> +-------------------+--------------------------------------+
> | network_type | vlan |
> | name | demo-sharenet |
> | segmentation_id | 1085 |
> | created_at | 2019-04-11T19:37:07.000000 |
> | neutron_subnet_id | 4a46720e-c889-417b-b27d-1568473a537d |
> | updated_at | 2019-04-11T19:41:51.000000 |
> | mtu | 1500 |
> | gateway | 172.20.0.1 |
> | neutron_net_id | 1e83e04c-fb5a-4985-b1a1-eb2044c447c5 |
> | ip_version | 4 |
> | cidr | 172.20.0.0/16 |
> | project_id | 65bbd70550c44bd08e1e37691e5d5c41 |
> | id | 7242d33b-53dc-4718-ba82-821ae68c4c9f |
> | description | None |
> +-------------------+--------------------------------------+
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/manila/+bug/1824442/+subscriptions
>
>
Hi Vida,
Apologies for taking it so long. I'm currently facing some issues in my
devstack env. I'll fix it up soon and get back on this bug to work on it.
But I want to mention that if this is on your priority list, you
may unassign me for now. I'll be happy to take this(if still not resolved)
or another one later on :)
Thank you.
On Thu, Jun 9, 2022 at 9:31 PM Vida Haririan <email address hidden>
wrote:
> See additional discussions at /meetings. opendev. org/meetings/ manila/ 2022/manila. 2022-06- 09-15.00. log.html /bugs.launchpad .net/bugs/ 1824442 ------- ------- -----+- ------- ------- ------- ------- ------- --+ ------- ------- -----+- ------- ------- ------- ------- ------- --+ zone_hints | | 11T19:33: 11Z | fb5a-4985- b1a1-eb2044c447 c5 | enabled | True | 08e1e37691e5d5c 41 | c889-417b- b27d-1568473a53 7d | 08e1e37691e5d5c 41 | 11T19:33: 43Z | ------- ------- -----+- ------- ------- ------- ------- ------- --+ ------- ------+ ------- ------- ------- ------- ------- ------- ------- -+ ------- ------+ ------- ------- ------- ------- ------- ------- ------- -+ 11T19:33: 43Z | c889-417b- b27d-1568473a53 7d | fb5a-4985- b1a1-eb2044c447 c5 | 08e1e37691e5d5c 41 | 08e1e37691e5d5c 41 | 11T19:33: 43Z | ------- ------+ ------- ------- ------- ------- ------- ------- ------- -+ ------- ------+ ------- ------- ------- ------- ------- ---+ ------- ------+ ------- ------- ------- ------- ------- ---+ 11T19:37: 07.000000 | c889-417b- b27d-1568473a53 7d | 11T19:41: 51.000000 | fb5a-4985- b1a1-eb2044c447 c5 | 08e1e37691e5d5c 41 | 53dc-4718- ba82-821ae68c4c 9f | ------- ------+ ------- ------- ------- ------- ------- ---+ /bugs.launchpad .net/manila/ +bug/1824442/ +subscriptions
>
> https:/
>
> --
> You received this bug notification because you are a bug assignee.
> https:/
>
> Title:
> Manila's share networks API exposes privileged network information
>
> Status in OpenStack Shared File Systems Service (Manila):
> Confirmed
> Status in OpenStack Security Advisory:
> Won't Fix
>
> Bug description:
> When creating share networks from neutron networks, a non-privileged
> project user can gather privileged neutron network information from
> the share networks API.
>
>
> Neutron network:
>
>
> (demo@overcloud) [stack@undercloud-0 ~]$ neutron net-show demo-net
> neutron CLI is deprecated and will be removed in the future. Use
> openstack CLI instead.
> +------
> | Field | Value |
> +------
> | admin_state_up | True |
> | availability_
> | availability_zones | nova |
> | created_at | 2019-04-
> | description | |
> | id | 1e83e04c-
> | ipv4_address_scope | |
> | ipv6_address_scope | |
> | l2_adjacency | True |
> | mtu | 1500 |
> | name | demo-net |
> | port_security_
> | project_id | 65bbd70550c44bd
> | qos_policy_id | |
> | revision_number | 3 |
> | router:external | False |
> | shared | False |
> | status | ACTIVE |
> | subnets | 4a46720e-
> | tags | |
> | tenant_id | 65bbd70550c44bd
> | updated_at | 2019-04-
> +------
>
>
> (demo@overcloud) [stack@undercloud-0 ~]$ neutron subnet-show demo-subnet
> neutron CLI is deprecated and will be removed in the future. Use
> openstack CLI instead.
> +------
> | Field | Value |
> +------
> | allocation_pools | {"start": "172.20.0.2", "end": "172.20.255.254"} |
> | cidr | 172.20.0.0/16 |
> | created_at | 2019-04-
> | description | |
> | dns_nameservers | 10.0.0.1 |
> | enable_dhcp | True |
> | gateway_ip | 172.20.0.1 |
> | host_routes | |
> | id | 4a46720e-
> | ip_version | 4 |
> | ipv6_address_mode | |
> | ipv6_ra_mode | |
> | name | demo-subnet |
> | network_id | 1e83e04c-
> | project_id | 65bbd70550c44bd
> | revision_number | 0 |
> | service_types | |
> | subnetpool_id | |
> | tags | |
> | tenant_id | 65bbd70550c44bd
> | updated_at | 2019-04-
> +------
>
>
>
> Manila share network:
>
>
> (demo@overcloud) [stack@undercloud-0 ~]$ manila share-network-show
> demo-sharenet
> +------
> | Property | Value |
> +------
> | network_type | vlan |
> | name | demo-sharenet |
> | segmentation_id | 1085 |
> | created_at | 2019-04-
> | neutron_subnet_id | 4a46720e-
> | updated_at | 2019-04-
> | mtu | 1500 |
> | gateway | 172.20.0.1 |
> | neutron_net_id | 1e83e04c-
> | ip_version | 4 |
> | cidr | 172.20.0.0/16 |
> | project_id | 65bbd70550c44bd
> | id | 7242d33b-
> | description | None |
> +------
>
> To manage notifications about this bug go to:
> https:/
>
>