Permanent Cookie Contains Sensitive Session Information
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Mirantis OpenStack | Fix Released | High | Paul Karikh |
5.1.x | Won't Fix | Medium | Unassigned |
6.0.x | Won't Fix | Medium | Unassigned |
6.1.x | Won't Fix | Medium | Unassigned |
7.0.x | Won't Fix | Medium | MOS Maintenance |
Bug Description
Observed on:
All Horizon implementations using Django versions prior to 1.7
Problem description:
The HTTP session cookie (Horizon cookie) containing the CSRF token is stored on disk for a long period of time.
This makes it possible to perform a CSRF attack on Horizon when the cookie gets revealed/stolen from disk.
Upstream bug report:
https:/
Solution proposal:
- ensure that we ship MOS with an appropriate Django version (>= 1.7)
- patch the Django shipped with MOS if an older version is used
- apply other CSRF preventive actions:
https:/
https:/
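The report above does not show what makes a cookie "permanent" or which Django settings decide it. The following is an added example, not code from the bug report, from Horizon or from Django: it parses a `Set-Cookie` header to tell a browser-session cookie (kept in memory) from one with `Expires`/`Max-Age` (written to the browser's on-disk cookie store), and it predicts from a Django settings dict whether the session cookie and the CSRF cookie will carry such an expiry. The version rule it encodes is the reason the proposal asks for Django >= 1.7: before 1.7 the CSRF middleware set a hard-coded one-year `max_age` that no setting could change; 1.7 introduced `CSRF_COOKIE_AGE`, and setting it to `None` makes the CSRF cookie expire with the browser session. The header strings and settings dicts are constructed for the example, not captured from a MOS deployment.

```python
"""Added example (not part of the bug report, Horizon or Django).

1. cookie_is_persistent(): a cookie is written to the browser's on-disk
   store only if the server sent an Expires or Max-Age attribute; with
   neither it lives in memory and is discarded when the browser closes.
2. django_cookie_persistence(): predicts from Django settings whether the
   session cookie and the CSRF cookie will get such an attribute.
"""

ONE_YEAR = 60 * 60 * 24 * 7 * 52   # max_age Django < 1.7 hard-codes for the CSRF cookie;
                                   # also the CSRF_COOKIE_AGE default from 1.7 on
DJANGO_DEFAULT_SESSION_AGE = 1209600   # Django's SESSION_COOKIE_AGE default (two weeks)


def parse_set_cookie(header: str) -> dict:
    """Split one Set-Cookie header value into {name, value, attrs}.

    Attribute names are lower-cased; flag attributes such as Secure and
    HttpOnly map to True. Expires values contain commas and spaces, so the
    header is split on ';' only.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def cookie_is_persistent(header: str) -> bool:
    """True if a browser will persist this cookie to disk (Expires or Max-Age present)."""
    attrs = parse_set_cookie(header)["attrs"]
    return "expires" in attrs or "max-age" in attrs


def django_cookie_persistence(settings: dict, django_version: tuple) -> dict:
    """Predict which Django cookies carry an expiry under the given settings.

    Session cookie: Django derives Expires/Max-Age from SESSION_COOKIE_AGE
    unless SESSION_EXPIRE_AT_BROWSER_CLOSE is True (default False).
    CSRF cookie: Django < 1.7 always used max_age of one year; from 1.7 the
    CSRF_COOKIE_AGE setting is used, and None makes it a browser-session cookie.
    """
    session_persistent = not settings.get("SESSION_EXPIRE_AT_BROWSER_CLOSE", False)
    if django_version < (1, 7):
        csrf_persistent = True   # hard-coded; the only fix is a newer or patched Django
    else:
        csrf_persistent = settings.get("CSRF_COOKIE_AGE", ONE_YEAR) is not None
    return {"session": session_persistent, "csrf": csrf_persistent}


# Constructed sample headers (not captured from a real Horizon deployment).
PERSISTENT_HEADER = (
    "sessionid=abc123; expires=Wed, 13 Jan 2021 22:23:01 GMT; "
    "Max-Age=1209600; Path=/; HttpOnly"
)
SESSION_ONLY_HEADER = "sessionid=abc123; Path=/; HttpOnly; Secure"

# Constructed settings: Django defaults versus the hardened set the proposal points at.
DEFAULT_SETTINGS = {}
HARDENED_SETTINGS = {
    "SESSION_EXPIRE_AT_BROWSER_CLOSE": True,
    "CSRF_COOKIE_AGE": None,        # honoured only by Django >= 1.7
    "SESSION_COOKIE_SECURE": True,
    "CSRF_COOKIE_SECURE": True,
    "CSRF_COOKIE_HTTPONLY": True,   # available from Django 1.6
}


if __name__ == "__main__":
    for header in (PERSISTENT_HEADER, SESSION_ONLY_HEADER):
        print(f"persistent={cookie_is_persistent(header)!s:5} <- {header}")
    for version in ((1, 6), (1, 7)):
        print(f"Django {version} hardened:", django_cookie_persistence(HARDENED_SETTINGS, version))
    print("Django (1, 8) defaults: ", django_cookie_persistence(DEFAULT_SETTINGS, (1, 8)))
```

Running it shows the point of the version requirement: with the hardened settings the session cookie stops being written to disk on any Django, but the CSRF cookie only stops being persistent once Django is 1.7 or later (or patched to honour the setting). Removing the expiry only limits exposure through the on-disk cookie store; it does nothing against theft while the browser is running, so the other CSRF measures in the proposal still apply.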
Changed in mos: | |
milestone: | none → 8.0 |
importance: | Undecided → Medium |
assignee: | nobody → MOS Horizon (mos-horizon) |
description: | updated |
Changed in mos: | |
status: | New → Confirmed |
tags: | added: horizon |
Changed in mos: | |
assignee: | MOS Horizon (mos-horizon) → Timur Sufiev (tsufiev-x) |
information type: | Private Security → Public Security |
Changed in mos: | |
status: | Confirmed → In Progress |
assignee: | Timur Sufiev (tsufiev-x) → Paul Karikh (pkarikh) |
Changed in mos: | |
status: | In Progress → Fix Committed |
tags: | added: area-horizon removed: horizon |
Won't Fix for 7.0-updates because of Medium importance