20 lines
837 B
YAML
20 lines
837 B
YAML
---
|
|
security:
|
|
- |
|
|
A vulnerability in the console proxies (novnc, serial, spice) that allowed
|
|
open redirection has been `patched`_. The novnc, serial, and spice console
|
|
proxies are implemented as websockify servers and the request handler
|
|
inherits from the python standard SimpleHTTPRequestHandler. There is a
|
|
`known issue`_ in the SimpleHTTPRequestHandler which allows open redirects
|
|
by way of URLs in the following format::
|
|
|
|
http://vncproxy.my.domain.com//example.com/%2F..
|
|
|
|
which if visited, will redirect a user to example.com.
|
|
|
|
The novnc, serial, and spice console proxies will now reject requests that
|
|
pass a redirection URL beginning with "//" with a 400 Bad Request.
|
|
|
|
.. _patched: https://bugs.launchpad.net/nova/+bug/1927677
|
|
.. _known issue: https://bugs.python.org/issue32084
|