Difference between revisions of "Security Notes"
Sriramhere (talk | contribs) (→Published Security Notes) |
(→Published Security Notes) |
||
| Line 2: | Line 2: | ||
=== Published Security Notes === | === Published Security Notes === | ||
| − | * [[OSSN/ | + | * [[OSSN/1254619|1254619]] - Keystone can allow user impersonation when using REMOTE_USER for external authentication (17 Jan 2014) |
* [[OSSN/1226078|1226078]] - Glance allows sharing of images between projects without consumer project approval (11 Dec 2013) | * [[OSSN/1226078|1226078]] - Glance allows sharing of images between projects without consumer project approval (11 Dec 2013) | ||
* [[OSSN/1237989|1237989]] - Authenticated users are able to update passwords without providing their current password (22 Nov 2013) | * [[OSSN/1237989|1237989]] - Authenticated users are able to update passwords without providing their current password (22 Nov 2013) | ||
Revision as of 19:03, 17 January 2014
The OpenStack Security Group (OSSG) publishes Security Notes to advise users of security related issues. Security notes are similar to advisories; they address vulnerabilities in 3rd party tools typically used within OpenStack deployments and provide guidance on common configuration mistakes that can result in an insecure operating environment.
Published Security Notes
- 1254619 - Keystone can allow user impersonation when using REMOTE_USER for external authentication (17 Jan 2014)
- 1226078 - Glance allows sharing of images between projects without consumer project approval (11 Dec 2013)
- 1237989 - Authenticated users are able to update passwords without providing their current password (22 Nov 2013)
- 1168252 - Keystone configuration should not be world readable (13 May 2013)
- 1155566 - HTTP POST limiting advised to avoid Essex/Folsom Keystone DoS (23 Apr 2013)
- 1098582 - Selecting LXC as Nova Virtualization Driver can lead to data compromise (15 Mar 2013)
