Security Notes

The OpenStack Security Project (OSSP) publishes Security Notes to advise users of security-related issues. Security Notes are similar to advisories; they address vulnerabilities in third-party tools typically used within OpenStack deployments and provide guidance on common configuration mistakes that can result in an insecure operating environment.

For advice on how to write OpenStack Security Notes, see the Security Note Process documentation.

Published Security Notes

 * OSSN-0092 - Using Configuration as a Short-Term Mitigation for OSSA-2023-003
 * OSSN-0091 - BMC emulators developed in OpenStack community do not preserve passwords on VMs
 * OSSN-0090 - Best practices when configuring Glance with COW backends
 * OSSN-0089 - Missing configuration option in Secure Live Migration guide leads to unencrypted traffic
 * OSSN-0088 - Some of the Glance metadef APIs likely to leak resources
 * OSSN-0087 - Ceph user credential leakage to consumers of OpenStack Manila
 * OSSN-0086 - Dell EMC ScaleIO/VxFlex OS Backend Credentials Exposure
 * OSSN-0085 - Cinder configuration option can leak secret key from Ceph backend
 * OSSN-0084 - ScaleIO volumes can retain data through reformatting
 * OSSN-0083 - Keystone policy rule "identity:get_identity_providers" was ignored
 * OSSN-0082 - Heap and Stack based buffer overflows in dnsmasq prior to version 2.78
 * OSSN-0081 - Reserved sha512_crypt is insufficient, use pbkdf2_sha512 for password hashing
 * OSSN-0080 - Aodh can be used to launder Keystone trusts
 * OSSN-0079 - Ceph credentials included in logs using older libvirt/qemu
 * OSSN-0078 - copy_from in Image Service API v1 allows network port scan
 * OSSN-0076 - Glance Image service v1 and v2 api image-create vulnerability
 * OSSN-0075 - Deleted Glance image IDs may be reassigned
 * OSSN-0074 - Nova metadata service should not be used for sensitive information
 * OSSN-0073 - Horizon dashboard leaks internal information through cookies
 * OSSN-0070 - Bandit versions lower than 1.1.0 do not escape HTML in issue reports
 * OSSN-0069 - Host OS exposed to tenant networks via IPv6
 * OSSN-0068 - Repeated token revocation requests, can lead to service degradation or disruption
 * OSSN-0067 - Barbican server discloses SQL password and X-auth token values via LOG.debug ("work in progress")
 * OSSN-0066 - MongoDB guest instance allows any user to connect
 * OSSN-0065 - Users of Glance may be able to replace active image data
 * OSSN-0064 - Keystone 'Admin_Token' in default configuration leads to insecure operation
 * OSSN-0063 - Nova and Cinder key manager for Barbican misuses cached credentials (9 Jun 2016)
 * OSSN-0062 - Potential reuse of revoked Identity tokens (15 Dec 2015)
 * OSSN-0061 - Glance image signature uses an insecure hash algorithm (MD5) (15 Dec 2015)
 * OSSN-0060 - Glance configuration option can lead to privilege escalation (25 Jan 2016)
 * OSSN-0059 - Trusted vm can be powered on untrusted host (16 Nov 2015)
 * OSSN-0058 - Cinder LVMISCIDriver allows possible unauthenticated mounting of volumes (17 Sep 2015)
 * OSSN-0057 - DoS style attack on Glance service can lead to service interruption or disruption (15 Oct 2015)
 * OSSN-0056 - Cached keystone tokens may be accepted after revocation (17 Sep 2015)
 * OSSN-0055 - Service accounts may have cloud admin privileges (17 Sep 2015)
 * OSSN-0054 - Potential Denial of Service in Horizon login (17 Sep 2015)
 * OSSN-0053 - Keystone token disclosure may result in malicious trust creation (23 Sep 2015)
 * OSSN-0052 - Python-swiftclient exposes raw token values in debug logs (17 Sep 2015)
 * OSSN-0049 - Nova ironic driver logs sensitive information while operating in debug mode (7 Jul 2015)
 * OSSN-0048 - Glance method filtering does not work under certain conditions (30 Apr 2015)
 * OSSN-0047 - Keystone does not validate that identity providers match federation mappings (19 Apr 2015)
 * OSSN-0046 - Setting services to debug mode can also set Pecan to debug (11 May 2015)
 * OSSN-0045 - Vulnerable clients allow a TLS protocol downgrade (FREAK) (11 Mar 2015)
 * OSSN-0044 - Older versions of noVNC allow session theft (2 Mar 2015)
 * OSSN-0043 - glibc 'Ghost' vulnerability can allow remote code execution (5 Feb 2015)
 * OSSN-0042 - Keystone token scoping provides no security benefit (17 Dec 2014)
 * OSSN-0041 - Linux ISCSI Admin Utility (tgtadm) does not work with Cinder (work in progress)
 * OSSN-0039 - Configuring OpenStack deployments to prevent POODLE attacks (21 Oct 2014)
 * OSSN-0038 - Suds client subject to cache poisoning by local attacker (17 Dec 2014)
 * OSSN-0037 - Configure Horizon to mitigate BREACH/CRIME attacks (19 Sep 2013)
 * OSSN-0036 - Horizon does not set Secure Attribute in cookies (19 Sep 2013)
 * OSSN-0035 - HTTP Strict Transport Security not enabled on Horizon Dashboard (19 Sep 2013)
 * OSSN-0034 - Restarting memcached loses revoked token list (19 Sep 2013)
 * OSSN-0033 - Some SSL-Enabled connections fail to perform basic certificate checks (19 Sep 2013)
 * OSSN-0032 - Disabling a tenant does not disable a user token (30 Aug 2013)
 * OSSN-0031 - Nova Baremetal exposes previous tenant data (2 Jul 2013)
 * OSSN-0030 - Bash 'shellshock' bug can lead to code injection vulnerability (26 Sep 2014)
 * OSSN-0029 - Neutron firewall rules lack port restrictions when using protocol 'any' (24 Sep 2014)
 * OSSN-0028 - Nova leaks compute host SMBIOS serial number to guests (3 Oct 2014)
 * OSSN-0027 - Neutron ARP cache poisoning vulnerability (16 Sep 2014)
 * OSSN-0026 - Unrestricted write permission to config files can allow code execution (5 Sep 2014)
 * OSSN-0025 - Swift can allow images to be accessed by anyone on the same network when using delay_auth_decision (21 Oct 2014)
 * OSSN-0024 - Sensitive data exposure by logging in python-keystoneclient (25 Sep 2014)
 * OSSN-0023 - Keystone logs auth tokens in URLs at the INFO log level (4 Sep 2014)
 * OSSN-0022 - Nova Networking does not enforce security group rules following a soft reboot of an instance (11 Aug 2014)
 * OSSN-0021 - Users of compromised accounts should verify Keystone trusts (25 July 2014)
 * OSSN-0020 - Disassociating floating IP from a VM does not terminate NAT connections (15 Sep 2014)
 * OSSN-0019 - Cinder SSH Pool will auto-accept SSH host signatures by default (30 Jun 2014)
 * OSSN-0018 - Nova Network configuration allows guest VMs to connect to host services (25 Jun 2014)
 * OSSN-0017 - Session-fixation vulnerability in Horizon when using the default signed cookie sessions (20 Jun 2014)
 * OSSN-0016 - Cinder wipe fails in an insecure manner on Grizzly (3 Jun 2014)
 * OSSN-0015 - Glance allows non-admin users to create public images (31 May 2014)
 * OSSN-0014 - Cinder drivers set insecure file permissions (31 May 2014)
 * OSSN-0013 - Some versions of Glance do not apply property protections as expected (7 May 2014)
 * OSSN-0012 - OpenSSL Heartbleed vulnerability can lead to OpenStack compromise (10 Apr 2014)
 * OSSN-0011 - Heat templates with invalid references allows unintended network access (4 Apr 2014)
 * OSSN-0010 - Sample Keystone v3 policy exposes privilege escalation vulnerability (17 Apr 2014)
 * OSSN-0009 - Potential token revocation abuse via group membership (2 Apr 2014)
 * OSSN-0008 - DoS style attack on noVNC server can lead to service interruption or disruption (9 Mar 2014)
 * OSSN-0007 - Live migration instructions recommend unsecured libvirt remote access (6 Mar 2014)
 * OSSN-0006 - Keystone can allow user impersonation when using REMOTE_USER for external authentication (17 Jan 2014)
 * OSSN-0005 - Glance allows sharing of images between projects without consumer project approval (11 Dec 2013)
 * OSSN-0004 - Authenticated users are able to update passwords without providing their current password (22 Nov 2013)
 * OSSN-0003 - Keystone configuration should not be world readable (13 May 2013)
 * OSSN-0002 - HTTP POST limiting advised to avoid Essex/Folsom Keystone DoS (23 Apr 2013)
 * OSSN-0001 - Selecting LXC as Nova Virtualization Driver can lead to data compromise (15 Mar 2013)