https://wiki.openstack.org/w/api.php?action=feedcontributions&user=Khanak.nangia&feedformat=atomOpenStack - User contributions [en]2024-03-29T14:52:42ZUser contributionsMediaWiki 1.28.2https://wiki.openstack.org/w/index.php?title=Women_of_OpenStack&diff=152004Women of OpenStack2017-03-09T18:06:08Z<p>Khanak.nangia: /* Women of OpenStack Directory */</p>
<hr />
<div>Welcome to the Women of OpenStack wiki page!<br />
<br />
=== Join the discussion! ===<br />
* Subscribe to the [http://lists.openstack.org/cgi-bin/mailman/listinfo/women-of-openstack Mailing List] <br />
* Join the [http://www.linkedin.com/groups/Women-OpenStack-WOS-4681909 LinkedIn group]<br />
* If you're an IRC user, join '''#openstack-women'''.<br />
<br />
=== Interested in Mentoring? ===<br />
Check here for more information: https://wiki.openstack.org/wiki/Mentors<br />
<br />
=== Work Group Meeting information ===<br />
<br />
The Women of OpenStack meet every 2 weeks (odd weeks) at 2000 UTC (noon Pacific, 3 PM Eastern). To find the time in your zone, use http://www.worldtimebuddy.com/<br />
<br />
{| class="wikitable"<br />
|-<br />
| Next Meeting || Monday, March 6, 2017, 2000 UTC. Dial in: 1-203-277-8157 or 866-619-0383. Participant: 7217256#, Leader: 4018#<br />
|-<br />
| Current Meeting Etherpad || https://etherpad.openstack.org/p/WOS_03_06_17<br />
|-<br />
| Meeting Leader and Agenda Tracker (please sign up to lead an upcoming meeting!) || https://etherpad.openstack.org/p/WOS_Agenda_Tracker<br />
|-<br />
| Archive Meeting Notes || https://etherpad.openstack.org/p/WOS_Meeting_Archives<br />
|-<br />
|}<br />
<br />
=== WOO Initiatives === <br />
<br />
==== Identified Challenges & Suggested Solutions ====<br />
'''Sign up to volunteer [https://docs.google.com/spreadsheets/d/1nu_0EperGdXIQifmjHiNVuB2RJb-5bVJkB9oRT-ExVw/edit?usp=sharing here]!'''<br />
<br />
(takeaways from the May 2015 Vancouver Summit)<br />
{| class="wikitable"<br />
|-<br />
! Group !! Challenge !! Suggested Next Steps <br />
|-<br />
| 1 || Need more women PTLs and need to support women who want to grow as technical contributors || Find ways to support women to be recognized as technical leaders. Example: travel funding for women to attend OpenStack summits <br />
|-<br />
| 2 || Not enough women in the OpenStack community || Attract women to the OpenStack community and support them to remain active in the community. Example: mentorship of women to achieve technical leadership roles <br />
|-<br />
| 3 || Women need support and practice to more confidently communicate in meetings or in larger groups || Webinar on how to participate more effectively in meetings. Example: role play meeting scenarios, help women gain confidence and practice to ask questions during a Tokyo summit talk <br />
|-<br />
| 4 || Need to support higher inclusion of women in the OpenStack community || Workshop to develop leadership soft skills, encourage inclusion, recognize regional gaps in communication, celebrate the successes of women in the OpenStack community <br />
|-<br />
| 5 || Need women leaders to be more visible in the OpenStack main tent sessions || Have a woman keynote speaker, more women participate in panel discussions. Support women with speaker training and creating a pipeline of speaking opportunities for them. <br />
|-<br />
| 6 || Need a supportive and interactive environment for women to come together and support one another with the OpenStack community || Create a private IRC channel for the Women of OpenStack, opportunities to seek and find mentors more naturally based on technology and areas of interest <br />
|-<br />
| 7 || Need a platform to encourage informal mentoring and networking || Reward and recognize mentorship as a key skill that is as important as other technical skills<br />
|}<br />
<br />
<br />
=== Past & Current WOO Networking Events ===<br />
<br />
* [http://www.openstack.org/blog/2013/04/women-of-openstack-at-the-portland-summit/ Portland Summit] April, 2013: Networking Breakfast<br />
** [https://www.youtube.com/watch?v=XrHZAQBcfkw Video]<br />
* [http://www.openstack.org/blog/2013/11/women-of-openstack-why/ Hong Kong Summit] November 2013: Boat Outing<br />
* [https://openstacksummitmay2014atlanta.sched.org/event/4740112c1b9074905aee620a97e7a006#.VcylJROqqko Atlanta Summit], May 2014: Happy Hour<br />
* [http://www.openstack.org/blog/2015/01/women-of-openstack-working-session-update/ Paris Summit] November 2014: Networking evening event and breakfast working session<br />
** [https://www.youtube.com/watch?v=lhB1dqpH_ro Video]<br />
* [http://superuser.openstack.org/articles/how-to-get-more-women-involved-in-tech-communication-leadership-and-mentors Vancouver Summit] May 2015: Networking events and breakfast working sessions<br />
** Check out the videos [https://www.youtube.com/watch?v=UWeFKMN7vN0 here] and [https://www.youtube.com/watch?v=8uwoL8E14zw here] and [https://www.youtube.com/watch?v=GsNCLZVWKk8 here]<br />
* Austin Summit Planning meeting notes:<br />
** [https://etherpad.openstack.org/p/WOS_Austin_Planning_12_01_15 Meeting Notes Etherpad 12_01_15]<br />
** [https://etherpad.openstack.org/p/WOS_Austin_Planning_01_20_16 Meeting Notes Etherpad 01_20_16]<br />
** [https://etherpad.openstack.org/p/WOS_Austin_Planning_02_17_16 Meeting Notes Etherpad 02_17_16]<br />
** [https://etherpad.openstack.org/p/WOS_Austin_Planning_03_02_16 Meeting Notes Etherpad 03_02_16]<br />
** [https://etherpad.openstack.org/p/WOS_Austin_Planning_03_16_16 Meeting Notes Etherpad 03_16_16]<br />
** [https://etherpad.openstack.org/p/WOS_Austin_Planning_04_13_16 Meeting Notes Etherpad 04_13_16]<br />
<br />
=== Past Speaking Sessions ===<br />
<br />
Portland Summit (April 2013):<br />
* [https://www.youtube.com/watch?v=64ChnG4rva0 What Everyone Ought to Know About OpenStack Internships]<br />
<br />
<br />
Paris Summit (November 2014):<br />
* [https://www.youtube.com/watch?v=xxkdnqRj3q0 Team Gender Diversity - Working with the Other 50%]<br />
<br />
<br />
Vancouver Summit (May 2015):<br />
* [https://www.youtube.com/watch?v=Jll-FeDTmcE Standing Tall in the Room]<br />
<br />
<br />
Tokyo Summit (October 2015)<br />
* [http://superuser.openstack.org/articles/women-of-openstack-open-doors-at-the-tokyo-summit-and-in-the-community Women of OpenStack Events at the Tokyo Summit]<br />
* [http://superuser.openstack.org/articles/tackling-diversity-in-the-openstack-community Tackling Diversity in the OpenStack Community]<br />
<br />
<br />
Barcelona Summit (October 2016)<br />
* [https://www.openstack.org/videos/video/ptls-and-cores-we-are-not-as-scary-as-you-think-organized-by-the-women-of-openstack PTLs and Cores: We are Not as Scary as You Think]<br />
<br />
=== WOO Coverage ===<br />
<br />
* Outreachy (OpenStack Outreach Program)<br />
** [https://wiki.openstack.org/wiki/Outreachy Wiki page]<br />
** [http://www.openstack.org/blog/2012/11/openstack-outreach-program-for-women-accepting-candidates/ Blog Post] <br />
<br />
* [http://superuser.openstack.org/articles/how-to-craft-a-successful-openstack-summit-proposal Women of OpenStack Webinar]: "How to craft a successful OpenStack Summit Proposal."<br />
<br />
* [http://superuser.openstack.org/articles/why-your-first-openstack-commit-will-always-be-the-hardest Why your first OpenStack commit will always be the hardest]<br />
<br />
* Open Mic Series<br />
** [http://superuser.openstack.org/articles/passion-community-support-success-with-openstack Shilla Saebi]<br />
** [http://www.openstack.org/blog/2014/08/open-mic-spotlight-rossella-sblendido/ Rossella Sblendido]<br />
** [http://www.openstack.org/blog/2014/01/open-mic-spotlight-tatiana-mazur/ Tatiana Mazur] <br />
** [http://www.openstack.org/blog/2013/07/open-mic-spotlight-melanie-witt/ Melanie Witt]<br />
** [http://www.openstack.org/blog/2013/07/open-mic-spotlight-victoria-martinez-de-la-cruz/ Victoria Martínez de la Cruz]<br />
** [http://superuser.openstack.org/articles/blazing-the-trail-for-openstack-in-south-korea Nalee Jang]<br />
<br />
<br />
<br />
==== Read more about other Projects and Events by Women of OpenStack ====<br />
* [http://www.openstack.org/blog/category/women-of-openstack/ OpenStack Blog]<br />
* [http://opensource.com/business/14/2/women-of-openstack-conference-group OpenSource.com]: "The Women of OpenStack talk outreach, education, and mentoring" by Anne Gentle<br />
* [http://superuser.openstack.org/articles/new-to-openstack-why-it-pays-to-jump-right-in OpenStack Superuser]: "New to OpenStack? Why it pays to jump right in" with Megan Rosetti <br />
<br />
<br />
=== Other Women and Diversity Groups ===<br />
<br />
* [http://superuser.openstack.org/articles/how-the-ada-initiative-is-encouraging-diversity-in-the-open-source-community The ADA Initiative]<br />
* [http://www.openstack.org/blog/2013/10/openstack-at-the-grace-hopper-conference/ The Grace Hopper Conference]<br />
<br />
<br />
=== Women of OpenStack Directory ===<br />
Feel free to add yourself to the list. For your contact info, use whatever you're most comfortable with: LinkedIn, Launchpad profile page, IRC handle, etc.<br />
<br />
{| class="wikitable"<br />
|-<br />
! Name !! Contact !! Role !! Area(s) of Interest<br />
|-<br />
| Poonam Yadav || IRC: pyadav <br /> [https://uk.linkedin.com/in/pyadav] || Technical || OpenStack Core projects<br />
|-<br />
| Jane Example Stacker || IRC: JaneS <br /> [https://www.linkedin.com/ LinkedIn] <br /> || Developer || Nova, Neutron<br />
|-<br />
|Malini Bhandaru || IRC: malini1 <br /> [http://www.linkedin.com/pub/malini-bhandaru/0/578/43a/ LinkedIn] <br /> malini dot k dot bhandaru at intel dot com || Architect & Manager - Intel Open Source Technology Center || Security, Advanced Network Services, Glance, Keystone <br />
|-<br />
| Lana Brindley || IRC: loquacities <br /> || Docs Core & Rackspace Docs || All projects<br />
|-<br />
| Anne Gentle || IRC: annegentle <br /> || Technical Committee, API WG, Docs || All projects<br />
|-<br />
| Karin Levenstein || IRC: KLevenstein || Docs Writer (Information Developer)<br /> Rackspace Docs || OpenStack Core projects<br />
|-<br />
| Alexandra Settle || IRC: asettle <br /> || Docs PTL, Docs Writer (Information Developer) || OpenStack Core projects<br />
|-<br />
| Sayali Lunkad || IRC: sayalilunkad <br /> || training-guides core || training-guides, horizon<br />
|-<br />
| Irena Berezovsky || IRC: irenab <br /> || Architect || neutron, nova, SDN, NFV<br />
|-<br />
| Rossella Sblendido || IRC: rossella_s <br /> || Software Engineer || Neutron<br />
|-<br />
| Shilla Saebi || IRC: ShillaSaebi <br /> [https://twitter.com/shillasaebi/ Twitter] <br /> [https://www.linkedin.com/profile/view?id=118642445&trk=nav_responsive_tab_profile/ Linkedin] <br /> || Docs Core/OpenStack Ops Engineer at Comcast || All projects<br />
|-<br />
| Megan Rossetti || IRC: MeganR <br /> [https://twitter.com/megrossetti/ Twitter] <br /> [https://www.linkedin.com/profile/view?id=18509902&trk=nav_responsive_tab_profile/ Linkedin] <br /> || PM , training-guides, Win the Enterprise || All projects<br />
|-<br />
| Samta Rangare || IRC: sam <br /> srangare at mvista dot com <br /> || Software Engineer || Neutron, Nova, Ceilometer, Congress<br />
|-<br />
| Victoria Martínez de la Cruz || IRC: vkmc<br/> [https://www.linkedin.com/in/vmartinezdelacruz LinkedIn]<br/>[https://twitter.com/vkmc Twitter] || Software Developer || All projects<br />
|-<br />
| Sandhya Dasu || IRC: sadasu <br /> [https://www.linkedin.com/in/SandhyaDasu LinkedIn] <br /> sadasu at cisco dot com|| Developer || Neutron, NFV<br />
|-<br />
| Emily Hugenbruch || IRC: ekhugen <br /> [https://www.linkedin.com/pub/emily-hugenbruch/a/670/98/ LinkedIn] <br /> [https://twitter.com/ekhugen Twitter]|| Software Engineer || Nova, Tempest<br />
|-<br />
| Catherine Richardson || catherine.richardson@rackspace.com || Information Developer<br /> Rackspace DevDocs || Rackspace API documentation<br />
|-<br />
| Anne McCormick || IRC: annemccormick <br /> [https://www.linkedin.com/pub/anne-winiewicz-mccormick/1/896/8a7 LinkedIn] <br /> || Software Engineer || Neutron<br />
|-<br />
| Kathy Cacciatore || kathyc@openstack.org || Consulting Marketing Manager, OpenStack Foundation || Enterprise Marketing<br />
|-<br />
| Priti Desai || priti_desai@symantec.com || OpenStack Evangelista || OpenStack Doc, Keystone, OSSG<br />
|-<br />
| Beth Cohen || bfcohen@luthcomputer.com <br /> [http://www.linkedin.com/in/bfcohen LinkedIn Profile] <br /> [https://twitter.com/bfcohen Twitter] <br />|| Cloud Technologist || OpenStack Doc, Cloud Architectures<br />
|-<br />
| Aysy Anne Duarte || IRC: aysyd <br /> [https://br.linkedin.com/in/aysyanne/ LinkedIn] <br /> [https://twitter.com/aysyanne Twitter] || Software Engineer || INFRA/CI <br />
|-<br />
| Nisha Agarwal || IRC: Nisha || Software Engineer || ironic, nova<br />
|-<br />
| Summer Long || IRC: slong || Software Engineer || security<br />
|-<br />
| Tamara Johnston || IRC: TamaraJ <br /> [https://twitter.com/TJohnstonCloud Twitter] <br /> [https://www.linkedin.com/in/tamjohnston LinkedIn] || Senior Manager, Cloud Services || OpenStack Doc<br />
|-<br />
| Val Wanjura || IRC: arcee2 || Technical Operations Manager || All Projects<br />
|-<br />
| Amy Marrich || IRC: spotz<br /> [https://twitter.com/spotzz_ Twitter] <br /> || Linux Systems Engineer || OSA, Heat, Barbican, Community<br />
|-<br />
| Carol Barrett || IRC: carolbarrett || Data Center Software Planner || Community<br />
|-<br />
| Shaifali Agrawal || IRC: exploreshaifali <br /> [https://www.linkedin.com/profile/view?id=257818581 LinkedIn] <br /> [http://twitter.com/exploreshaifali Twitter] || Individual Contributor, Software Engineer || All Projects<br />
|-<br />
| Darla Ahlert || IRC: alraddarla <br /> [https://www.linkedin.com/in/darlaahlert LinkedIn] <br /> || Software Engineer|| All Projects<br />
|-<br />
| Margaret Chiosi || IRC: mchiosi <br /> [https://www.linkedin.com/in/mtchiosi LinkedIn] <br /> || Network Architect|| All Projects<br />
|-<br />
| Holly Bazemore || IRC: cloudhollyb <br /> [https://twitter.com/hfbazemore Twitter] <br /> [https://www.linkedin.com/profile/view?id=AAIAAAByreYBKVGzzWH0s_qH0qQ-as81debWPsc&trk=nav_responsive_tab_profile/ Linkedin] <br /> || Director of Elastic Cloud Strategy and Deployments at Comcast || All projects<br />
|-<br />
| K Rain Leander || IRC: leanderthal <br /> [https://twitter.com/rainsdance Twitter] <br /> [https://www.linkedin.com/in/rainsdance Linkedin] <br /> || Software Engineer || TripleO<br />
|-<br />
| Aimee Ukasick || IRC: aimeeU<br />aimeeu.opensource at gee mail dot com<br />[https://www.linkedin.com/in/aimee-ukasick-3a441129 LinkedIn]<br /> || Open Source Lead || Congress, Tacker, Community; OPNFV projects<br />
|-<br />
| Marcela Bonell || IRC: mbonell<br /> [https://www.linkedin.com/in/mbonell LinkedIn]<br /> || Cloud Software Engineer || Developer's Experience (First App, SDK's, Heat, Murano, API, Documentation)<br />
|-<br />
| Kayla Fromme || [https://www.linkedin.com/in/kayla-fromme-63542b18 LinkedIn]<br /> || AT&T Technical Director || All Projects<br />
|-<br />
| Kendall Nelson ||IRC: diablo_rojo<br /> kjnelson@us.ibm.com <br /> || Software Engineer || Cinder & os-brick<br />
|-<br />
| Elise Eiden || [https://www.linkedin.com/in/eliseeiden LinkedIn]<br /> || Sr. Specialist Applications Developer || All Projects<br />
|-<br />
| Maria Zlatkova || IRC: mzlatkova<br /> [https://www.linkedin.com/in/mzlatkova LinkedIn]<br /> || Docs Core/Technical Writer at Mirantis || All Projects<br />
|-<br />
| Olga Gusarenko || IRC: ogusarenko<br /> [https://www.linkedin.com/in/olga-gusarenko-5803bb80 LinkedIn]<br /> || Docs Core & Mirantis OpenStack docs || OpenStack docs, OpenStack core projects' docs<br />
|-<br />
| Oena Logvinova || IRC: ologvinova || Docs Core & Mirantis OpenStack docs || All projects<br />
|-<br />
| Anusha Ramineni || IRC: ramineni || Developer || Congress, Ironic, Tempest<br />
|-<br />
| Ifat Afek || IRC: ifat_afek || System Architect at Nokia, Vitrage PTL || Vitrage<br />
|-<br />
| Khanak Nangia || IRC: knangia <br /> [https://www.linkedin.com/in/khanaknangia/ Linkedin] <br /> || Cloud Software Engineer - Intel || Security, Syntribos<br />
|-<br />
| Nisha Yadav || IRC: nishaYadav <br/> LinkedIn: [https://www.linkedin.com/in/nishaprofile/]<br/> Twitter: [https://twitter.com/nisha_yadav_] || Independent Contributor || Keystone, OpenStack docs, Community<br />
|-</div>Khanak.nangiahttps://wiki.openstack.org/w/index.php?title=OSSN/OSSN-0073&diff=131330OSSN/OSSN-00732016-08-17T21:23:05Z<p>Khanak.nangia: Created page with "'''Horizon dashboard leaks internal information through cookies'''<big><big>Big text</big></big> '''Summary'''<big>Big text</big> When horizon is configured, its URL contain..."</p>
<hr />
<div>'''Horizon dashboard leaks internal information through cookies'''<br />
<br />
'''Summary'''<br />
<br />
When Horizon is configured with OPENSTACK_KEYSTONE_URL pointing at Keystone's internal endpoint, that URL contains the IP address of the internal Keystone endpoint. If the internal network is separate from the public network, the internal network's IP address will be displayed by Horizon, which exposes sensitive information (an internal IP address).<br />
The cookie "login_region" is set to the value configured as OPENSTACK_KEYSTONE_URL.<br />
<br />
'''Affected Services'''<br />
<br />
Keystone, Horizon<br />
<br />
'''Discussion'''<br />
This is a misconfiguration issue rather than a bug in Horizon.<br />
Exposing the internalURL is not a vulnerability in itself: however one views the internalURL, either it is an endpoint freely accessible to authorized users, or it is hidden behind a firewall. The internal URLs are also freely available in the Keystone service catalog, and the catalog is not considered private information.<br />
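To verify that a deployment does not exhibit this misconfiguration, the following added check (example code, not part of Horizon or of this OSSN) inspects a configured OPENSTACK_KEYSTONE_URL value and a captured Set-Cookie header for a login_region cookie carrying a private, loopback or link-local IP literal. The URLs, the 10.0.0.5 address and the identity.example.com hostname are constructed sample values.

```python
"""Added check for the OSSN-0073 misconfiguration: does Horizon's
OPENSTACK_KEYSTONE_URL (and therefore the login_region cookie) carry an
internal IP address?  Example code, not part of Horizon or the OSSN."""
import ipaddress
from http.cookies import SimpleCookie
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Constructed sample values: a private RFC 1918 address standing in for an
# internal Keystone endpoint, and a public hostname for the corrected config.
INTERNAL_KEYSTONE_URL = "http://10.0.0.5:5000/v3"
PUBLIC_KEYSTONE_URL = "https://identity.example.com:5000/v3"

# Constructed Set-Cookie header as a browser would receive it from Horizon
# when OPENSTACK_KEYSTONE_URL points at the internal endpoint.
VULNERABLE_SET_COOKIE = "login_region=http://10.0.0.5:5000/v3; Path=/; HttpOnly"


def host_is_internal(host: str) -> bool:
    """True when host is an IP literal in a private, loopback or link-local range.

    A DNS name returns False: the string alone cannot tell what it resolves to.
    """
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_private or ip.is_loopback or ip.is_link_local


def keystone_url_exposes_internal_ip(keystone_url: str) -> bool:
    """True when the configured OPENSTACK_KEYSTONE_URL names an internal IP."""
    host = urlsplit(keystone_url).hostname  # strips brackets from IPv6 literals
    return host is not None and host_is_internal(host)


def login_region_from_set_cookie(header_value: str) -> Optional[str]:
    """Return the login_region value carried by a Set-Cookie header, if any."""
    jar = SimpleCookie()
    jar.load(header_value)
    morsel = jar.get("login_region")
    return morsel.value if morsel is not None else None


def audit_set_cookie(header_value: str) -> Tuple[Optional[str], bool]:
    """(cookie value, leaks_internal_ip) for one Set-Cookie header line.

    Run this over the headers of a Horizon login response to confirm the
    deployment no longer hands out an internal address.
    """
    region = login_region_from_set_cookie(header_value)
    if region is None:
        return None, False
    return region, keystone_url_exposes_internal_ip(region)


if __name__ == "__main__":
    for url in (INTERNAL_KEYSTONE_URL, PUBLIC_KEYSTONE_URL):
        verdict = "internal IP exposed" if keystone_url_exposes_internal_ip(url) else "ok"
        print(f"OPENSTACK_KEYSTONE_URL = {url!r}: {verdict}")
    print("Set-Cookie audit:", audit_set_cookie(VULNERABLE_SET_COOKIE))
```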
<br />
<br />
'''Contacts / Reference'''<br />
<br />
Author: Khanak Nangia, Intel<br />
This OSSN: https://wiki.openstack.org/wiki/OSSN/OSSN-0073<br />
Original LaunchPad Bug: https://bugs.launchpad.net/ossn/+bug/1585831<br />
Related bug: https://bugs.launchpad.net/horizon/+bug/1597864<br />
OpenStack Security ML: openstack-dev@lists.openstack.org<br />
OpenStack Security Group: https://launchpad.net/~openstack-ossg</div>Khanak.nangiahttps://wiki.openstack.org/w/index.php?title=Security_Notes&diff=131317Security Notes2016-08-17T19:33:27Z<p>Khanak.nangia: /* Published Security Notes */</p>
<hr />
<div>The OpenStack Security Project (OSSP) publishes Security Notes to advise users of security-related issues. Security Notes are similar to advisories: they address vulnerabilities in third-party tools typically used within OpenStack deployments and provide guidance on common configuration mistakes that can result in an insecure operating environment.<br />
<br />
For advice on how to write OpenStack Security Notes see the [[Security/Security_Note_Process|Security Note Process]] documentation.<br />
<br />
=== Published Security Notes ===<br />
* [[OSSN/OSSN-0073|OSSN-0073]] - Horizon dashboard leaks internal information through cookies ("work in progress")<br />
* [[OSSN/OSSN-0072|OSSN-0072]] - Host machine exposed to tenant networks via IPv6 ("work in progress")<br />
* [[OSSN/OSSN-0071|OSSN-0071]] - Potential DOS with revoke by id or audit_id ("work in progress")<br />
* [[OSSN/OSSN-0070|OSSN-0070]] - Bandit versions lower than 1.1.0 do not escape HTML in issue reports ("work in progress")<br />
* [[OSSN/OSSN-0069|OSSN-0069]] - Host OS exposed to tenant networks via IPv6 (work in progress)<br />
* [[OSSN/OSSN-0068|OSSN-0068]] - DoS style attack on keystone, using repeated token revocation requests, can lead to service degradation or disruption<br />
* [[OSSN/OSSN-0067|OSSN-0067]] - Barbican server discloses SQL password and X-auth token values via LOG.debug ("work in progress")<br />
* [[OSSN/OSSN-0066|OSSN-0066]] - mongodb guest instance allows any user to connect ("work in progress")<br />
* [[OSSN/OSSN-0065|OSSN-0065]] - Glance embargoed issue ("work in progress")<br />
* [[OSSN/OSSN-0064|OSSN-0064]] - Keystone 'Admin_Token' in default configuration leads to insecure operation ("work in progress")<br />
* [[OSSN/OSSN-0063|OSSN-0063]] - Nova and Cinder key manager for Barbican misuses cached credentials (9 Jun 2016)<br />
* [[OSSN/OSSN-0062|OSSN-0062]] - Potential reuse of revoked Identity tokens (15 Dec 2015)<br />
* [[OSSN/OSSN-0061|OSSN-0061]] - Glance image signature uses an insecure hash algorithm (MD5) (15 Dec 2015)<br />
* [[OSSN/OSSN-0060|OSSN-0060]] - Glance configuration option can lead to privilege escalation (25 Jan 2016)<br />
* [[OSSN/OSSN-0059|OSSN-0059]] - Trusted vm can be powered on untrusted host (16 Nov 2015)<br />
* [[OSSN/OSSN-0058|OSSN-0058]] - Cinder LVMISCIDriver allows possible unauthenticated mounting of volumes (17 Sep 2015)<br />
* [[OSSN/OSSN-0057|OSSN-0057]] - DoS style attack on Glance service can lead to service interruption or disruption (15 Oct 2015)<br />
* [[OSSN/OSSN-0056|OSSN-0056]] - Cached keystone tokens may be accepted after revocation (17 Sep 2015)<br />
* [[OSSN/OSSN-0055|OSSN-0055]] - Service accounts may have cloud admin privileges (17 Sep 2015)<br />
* [[OSSN/OSSN-0054|OSSN-0054]] - Potential Denial of Service in Horizon login (17 Sep 2015)<br />
* [[OSSN/OSSN-0053|OSSN-0053]] - Keystone token disclosure may result in malicious trust creation (23 Sep 2015)<br />
* [[OSSN/OSSN-0052|OSSN-0052]] - Python-swiftclient exposes raw token values in debug logs (17 Sep 2015)<br />
* [[OSSN/OSSN-0051|OSSN-0051]] - keystonemiddleware can allow access after token revocation ('''work in progress''')<br />
* [[OSSN/OSSN-0050|OSSN-0050]] - Disabling users & groups may not invalidate previously-issued tokens ('''work in progress''')<br />
* [[OSSN/OSSN-0049|OSSN-0049]] - Nova ironic driver logs sensitive information while operating in debug mode (7 Jul 2015)<br />
* [[OSSN/OSSN-0048|OSSN-0048]] - Glance method filtering does not work under certain conditions (30 Apr 2015)<br />
* [[OSSN/OSSN-0047|OSSN-0047]] - Keystone does not validate that identity providers match federation mappings (19 Apr 2015)<br />
* [[OSSN/OSSN-0046|OSSN-0046]] - Setting services to debug mode can also set Pecan to debug (11 May 2015)<br />
* [[OSSN/OSSN-0045|OSSN-0045]] - Vulnerable clients allow a TLS protocol downgrade (FREAK) (11 Mar 2015)<br />
* [[OSSN/OSSN-0044|OSSN-0044]] - Older versions of noVNC allow session theft (2 Mar 2015)<br />
* [[OSSN/OSSN-0043|OSSN-0043]] - glibc 'Ghost' vulnerability can allow remote code execution (5 Feb 2015)<br />
* [[OSSN/OSSN-0042|OSSN-0042]] - Keystone token scoping provides no security benefit (17 Dec 2014)<br />
* [[OSSN/OSSN-0041|OSSN-0041]] - Linux ISCSI Admin Utility (tgtadm) does not work with Cinder ('''work in progress''')<br />
* [[OSSN/OSSN-0039|OSSN-0039]] - Configuring OpenStack deployments to prevent POODLE attacks (21 Oct 2014)<br />
* [[OSSN/OSSN-0038|OSSN-0038]] - Suds client subject to cache poisoning by local attacker (17 Dec 2014)<br />
* [[OSSN/OSSN-0037|OSSN-0037]] - Configure Horizon to mitigate BREACH/CRIME attacks (19 Sep 2013)<br />
* [[OSSN/OSSN-0036|OSSN-0036]] - Horizon does not set Secure Attribute in cookies (19 Sep 2013)<br />
* [[OSSN/OSSN-0035|OSSN-0035]] - HTTP Strict Transport Security not enabled on Horizon Dashboard (19 Sep 2013)<br />
* [[OSSN/OSSN-0034|OSSN-0034]] - Restarting memcached loses revoked token list (19 Sep 2013)<br />
* [[OSSN/OSSN-0033|OSSN-0033]] - Some SSL-Enabled connections fail to perform basic certificate checks (19 Sep 2013)<br />
* [[OSSN/OSSN-0032|OSSN-0032]] - Disabling a tenant does not disable a user token (30 Aug 2013)<br />
* [[OSSN/OSSN-0031|OSSN-0031]] - Nova Baremetal exposes previous tenant data (2 Jul 2013)<br />
* [[OSSN/OSSN-0030|OSSN-0030]] - Bash 'shellshock' bug can lead to code injection vulnerability (26 Sep 2014)<br />
* [[OSSN/OSSN-0029|OSSN-0029]] - Neutron firewall rules lack port restrictions when using protocol 'any' (24 Sep 2014)<br />
* [[OSSN/OSSN-0028|OSSN-0028]] - Nova leaks compute host SMBIOS serial number to guests (3 Oct 2014)<br />
* [[OSSN/OSSN-0027|OSSN-0027]] - Neutron ARP cache poisoning vulnerability (16 Sep 2014)<br />
* [[OSSN/OSSN-0026|OSSN-0026]] - Unrestricted write permission to config files can allow code execution (5 Sep 2014)<br />
* [[OSSN/OSSN-0025|OSSN-0025]] - Swift can allow images to be accessed by anyone on the same network when using delay_auth_decision (21 Oct 2014)<br />
* [[OSSN/OSSN-0024|OSSN-0024]] - Sensitive data exposure by logging in python-keystoneclient (25 Sep 2014)<br />
* [[OSSN/OSSN-0023|OSSN-0023]] - Keystone logs auth tokens in URLs at the INFO log level (4 Sep 2014)<br />
* [[OSSN/OSSN-0022|OSSN-0022]] - Nova Networking does not enforce security group rules following a soft reboot of an instance (11 Aug 2014)<br />
* [[OSSN/OSSN-0021|OSSN-0021]] - Users of compromised accounts should verify Keystone trusts (25 July 2014)<br />
* [[OSSN/OSSN-0020|OSSN-0020]] - Disassociating floating IP from a VM does not terminate NAT connections (15 Sep 2014)<br />
* [[OSSN/OSSN-0019|OSSN-0019]] - Cinder SSH Pool will auto-accept SSH host signatures by default (30 Jun 2014)<br />
* [[OSSN/OSSN-0018|OSSN-0018]] - Nova Network configuration allows guest VMs to connect to host services (25 Jun 2014)<br />
* [[OSSN/OSSN-0017|OSSN-0017]] - Session-fixation vulnerability in Horizon when using the default signed cookie sessions (20 Jun 2014)<br />
* [[OSSN/OSSN-0016|OSSN-0016]] - Cinder wipe fails in an insecure manner on Grizzly (3 Jun 2014)<br />
* [[OSSN/OSSN-0015|OSSN-0015]] - Glance allows non-admin users to create public images (31 May 2014)<br />
* [[OSSN/OSSN-0014|OSSN-0014]] - Cinder drivers set insecure file permissions (31 May 2014)<br />
* [[OSSN/OSSN-0013|OSSN-0013]] - Some versions of Glance do not apply property protections as expected (7 May 2014)<br />
* [[OSSN/OSSN-0012|OSSN-0012]] - OpenSSL Heartbleed vulnerability can lead to OpenStack compromise (10 Apr 2014)<br />
* [[OSSN/OSSN-0011|OSSN-0011]] - Heat templates with invalid references allows unintended network access (4 Apr 2014)<br />
* [[OSSN/OSSN-0010|OSSN-0010]] - Sample Keystone v3 policy exposes privilege escalation vulnerability (17 Apr 2014)<br />
* [[OSSN/OSSN-0009|OSSN-0009]] - Potential token revocation abuse via group membership (2 Apr 2014)<br />
* [[OSSN/OSSN-0008|OSSN-0008]] - DoS style attack on noVNC server can lead to service interruption or disruption (9 Mar 2014)<br />
* [[OSSN/OSSN-0007|OSSN-0007]] - Live migration instructions recommend unsecured libvirt remote access (6 Mar 2014)<br />
* [[OSSN/1254619|OSSN-0006]] - Keystone can allow user impersonation when using REMOTE_USER for external authentication (17 Jan 2014)<br />
* [[OSSN/1226078|OSSN-0005]] - Glance allows sharing of images between projects without consumer project approval (11 Dec 2013)<br />
* [[OSSN/1237989|OSSN-0004]] - Authenticated users are able to update passwords without providing their current password (22 Nov 2013)<br />
* [[OSSN/1168252|OSSN-0003]] - Keystone configuration should not be world readable (13 May 2013)<br />
* [[OSSN/1155566|OSSN-0002]] - HTTP POST limiting advised to avoid Essex/Folsom Keystone DoS (23 Apr 2013)<br />
* [[OSSN/1098582|OSSN-0001]] - Selecting LXC as Nova Virtualization Driver can lead to data compromise (15 Mar 2013)</div>Khanak.nangia