Jump to: navigation, search

Difference between revisions of "Security Notes"

(Published Security Notes)
(Published Security Notes)
Line 2: Line 2:
  
 
=== Published Security Notes ===
 
=== Published Security Notes ===
* [[OSSN/1254619|1254619]] - Keystone can allow user impersonation when using REMOTE_USER for external authentication (17 Jan 2014)
+
* [[OSSN/OSSN-0007|OSSN-0007]] - Live migration instructions recommend unsecured libvirt remote access (6 Mar 2014)
* [[OSSN/1226078|1226078]] - Glance allows sharing of images between projects without consumer project approval (11 Dec 2013)
+
* [[OSSN/1254619|OSSN-0006]] - Keystone can allow user impersonation when using REMOTE_USER for external authentication (17 Jan 2014)
* [[OSSN/1237989|1237989]] - Authenticated users are able to update passwords without providing their current password (22 Nov 2013)
+
* [[OSSN/1226078|OSSN-0005]] - Glance allows sharing of images between projects without consumer project approval (11 Dec 2013)
* [[OSSN/1168252|1168252]] - Keystone configuration should not be world readable (13 May 2013)
+
* [[OSSN/1237989|OSSN-0004]] - Authenticated users are able to update passwords without providing their current password (22 Nov 2013)
* [[OSSN/1155566|1155566]] - HTTP POST limiting advised to avoid Essex/Folsom Keystone DoS (23 Apr 2013)
+
* [[OSSN/1168252|OSSN-0003]] - Keystone configuration should not be world readable (13 May 2013)
* [[OSSN/1098582|1098582]] - Selecting LXC as Nova Virtualization Driver can lead to data compromise (15 Mar 2013)
+
* [[OSSN/1155566|OSSN-0002]] - HTTP POST limiting advised to avoid Essex/Folsom Keystone DoS (23 Apr 2013)
 +
* [[OSSN/1098582|OSSN-0001]] - Selecting LXC as Nova Virtualization Driver can lead to data compromise (15 Mar 2013)

Revision as of 19:17, 6 March 2014

The OpenStack Security Group (OSSG) publishes Security Notes to advise users of security related issues. Security notes are similar to advisories; they address vulnerabilities in 3rd party tools typically used within OpenStack deployments and provide guidance on common configuration mistakes that can result in an insecure operating environment.

Published Security Notes

  • OSSN-0007 - Live migration instructions recommend unsecured libvirt remote access (6 Mar 2014)
  • OSSN-0006 - Keystone can allow user impersonation when using REMOTE_USER for external authentication (17 Jan 2014)
  • OSSN-0005 - Glance allows sharing of images between projects without consumer project approval (11 Dec 2013)
  • OSSN-0004 - Authenticated users are able to update passwords without providing their current password (22 Nov 2013)
  • OSSN-0003 - Keystone configuration should not be world readable (13 May 2013)
  • OSSN-0002 - HTTP POST limiting advised to avoid Essex/Folsom Keystone DoS (23 Apr 2013)
  • OSSN-0001 - Selecting LXC as Nova Virtualization Driver can lead to data compromise (15 Mar 2013)
Retrieved from "https://wiki.openstack.org/w/index.php?title=Security_Notes&oldid=44561"