OpenStack Compute (nova)

  1. Bug #1927677
  2. Comment #67

Comment 67 for bug 1927677

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (stable/ussuri)

Reviewed: https://review.opendev.org/c/openstack/nova/+/806628
Committed: https://opendev.org/openstack/nova/commit/0997043f459ac616b594363b5b253bd0ae6ed9eb
Submitter: "Zuul (22348)"
Branch: stable/ussuri

commit 0997043f459ac616b594363b5b253bd0ae6ed9eb
Author: Sean Mooney <email address hidden>
Date: Mon Aug 23 15:37:48 2021 +0100

    address open redirect with 3 forward slashes

    Ie36401c782f023d1d5f2623732619105dc2cfa24 was intended
    to address OSSA-2021-002 (CVE-2021-3654) however after its
    release it was discovered that the fix only worked
    for urls with 2 leading slashes or more then 4.

    This change adresses the missing edgecase for 3 leading slashes
    and also maintian support for rejecting 2+.

    Change-Id: I95f68be76330ff09e5eabb5ef8dd9a18f5547866
    co-authored-by: Matteo Pozza
    Closes-Bug: #1927677
    (cherry picked from commit 6fbd0b758dcac71323f3be179b1a9d1c17a4acc5)
    (cherry picked from commit 47dad4836a26292e9d34e516e1525ecf00be127c)
    (cherry picked from commit 9588cdbfd4649ea53d60303f2d10c5d62a070a07)