OpenStack Compute (nova)

  1. Bug #1927677
  2. Comment #51

Comment 51 for bug 1927677

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.opendev.org/c/openstack/nova/+/805654
Committed: https://opendev.org/openstack/nova/commit/6fbd0b758dcac71323f3be179b1a9d1c17a4acc5
Submitter: "Zuul (22348)"
Branch: master

commit 6fbd0b758dcac71323f3be179b1a9d1c17a4acc5
Author: Sean Mooney <email address hidden>
Date: Mon Aug 23 15:37:48 2021 +0100

    address open redirect with 3 forward slashes

    Ie36401c782f023d1d5f2623732619105dc2cfa24 was intended
    to address OSSA-2021-002 (CVE-2021-3654) however after its
    release it was discovered that the fix only worked
    for urls with 2 leading slashes or more then 4.

    This change adresses the missing edgecase for 3 leading slashes
    and also maintian support for rejecting 2+.

    Change-Id: I95f68be76330ff09e5eabb5ef8dd9a18f5547866
    co-authored-by: Matteo Pozza
    Closes-Bug: #1927677