OSSN/OSSN-0073
Horizon dashboard leaks internal information through cookies

Summary

When Horizon is configured, the Keystone URL it uses contains the IP address of Keystone's internal endpoint. If the internal network is different from the public network, Horizon will expose that internal network IP address, which is sensitive information. The cookie "login_region" is set to the value configured as OPENSTACK_KEYSTONE_URL.
Affected Services
Keystone, Horizon
Discussion

This seems to be a misconfiguration issue rather than a real bug. Exposing the internalURL is not a bug either way: whoever views the internalURL finds either an endpoint freely accessible to authorized users or one hidden behind a firewall. Also, the internal URLs are freely available in the service catalog, and the catalog is not considered private information.
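As an added check, not part of this note, the following Python flags an OPENSTACK_KEYSTONE_URL value, or a captured Horizon Set-Cookie header carrying "login_region", whose host is an IP literal that is not publicly routable; the sample settings and cookie are constructed.

```python
"""Flag a Horizon OPENSTACK_KEYSTONE_URL, or a login_region cookie derived
from it, that exposes an internal address (added example, not OSSN code)."""
import ipaddress
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


def url_points_at_internal_address(url: str) -> bool:
    """True if the URL's host is an IP literal that is not globally routable.

    DNS names are not resolved: a hostname such as identity.example.com does
    not by itself reveal internal addressing, which is the concern here.
    """
    host = urlsplit(url).hostname
    if host is None:
        return False
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # a DNS name, not an address literal
    return not addr.is_global


def login_region_leaks_internal_address(set_cookie_header: str) -> bool:
    """Parse a Set-Cookie header and report whether its login_region cookie
    (set by Horizon to OPENSTACK_KEYSTONE_URL) carries an internal address."""
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    morsel = jar.get("login_region")
    if morsel is None:
        return False
    return url_points_at_internal_address(morsel.value)


# Constructed sample values, not taken from any real deployment.
INTERNAL_SETTING = "http://10.0.0.5:5000/v3"            # internal address leaks
PUBLIC_SETTING = "https://identity.example.com:5000/v3"  # public-facing setting
SAMPLE_SET_COOKIE = 'login_region="http://10.0.0.5:5000/v3"; Path=/'

if __name__ == "__main__":
    for setting in (INTERNAL_SETTING, PUBLIC_SETTING):
        verdict = "internal address exposed" if url_points_at_internal_address(setting) else "ok"
        print(f"{setting} -> {verdict}")
    print("login_region leaks:", login_region_leaks_internal_address(SAMPLE_SET_COOKIE))
```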
Contacts / Reference

Author: Khanak Nangia, Intel
This OSSN: https://wiki.openstack.org/wiki/OSSN/OSSN-0073
Original LaunchPad Bug: https://bugs.launchpad.net/ossn/+bug/1585831
Related bug: https://bugs.launchpad.net/horizon/+bug/1597864
OpenStack Security ML: openstack-dev@lists.openstack.org
OpenStack Security Group: https://launchpad.net/~openstack-ossg