Jump to: navigation, search

Security Notes

Revision as of 19:28, 12 December 2013 by Nkinder (talk | contribs)

The OpenStack Security Group (OSSG) publishes Security Notes to advise users of security related issues. Security notes are similar to advisories; they address vulnerabilities in 3rd party tools typically used within OpenStack deployments and provide guidance on common configuration mistakes that can result in an insecure operating environment.

Published Security Notes

  • 1226078 - Glance allows sharing of images between projects without consumer project approval (11 Dec 2013)
  • 1237989 - Authenticated users are able to update passwords without providing their current password (22 Nov 2013)
  • 1168252 - Keystone configuration should not be world readable (13 May 2013)
  • 1155566 - HTTP POST limiting advised to avoid Essex/Folsom Keystone DoS (23 Apr 2013)
  • 1098582 - Selecting LXC as Nova Virtualization Driver can lead to data compromise (15 Mar 2013)