

























| 第39行: | 第39行: | ||
* Mailing List: [security-sig] tag on openstack-discuss@lists.openstack.org | * Mailing List: [security-sig] tag on openstack-discuss@lists.openstack.org | ||
* OpenStack Security: [https://security.openstack.org/ https://security.openstack.org/] | * OpenStack Security: [https://security.openstack.org/ https://security.openstack.org/] | ||
| − | * CVE: | + | * CVE: CVE-2026-55748 |
Horizon generates shell scripts for OpenStack RC file downloads with user-provided values in double-quoted strings without escaping shell metacharacters. A domain manager can set a project name containing $() or backtick sequences that execute arbitrary commands when a user sources the RC file.
A domain manager who can rename a project can inject commands that run in the shell of any user who downloads and sources the RC file for that project.
Upgrade to a version of horizon containing the fix. As a workaround, inspect downloaded RC files before sourcing them, or use clouds.yaml for CLI authentication instead.
The following reviews contain the fix for this issue:
Tim Shephard, roiai.ca
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。