User contributions
(newest | oldest) View (newer 100 | older 100) (20 | 50 | 100 | 250 | 500)
- 22:45, 7 May 2014 (diff | hist) . . (-1) . . Security Notes (→Published Security Notes)
- 22:35, 7 May 2014 (diff | hist) . . (-46) . . OSSN/OSSN-0013
- 22:22, 1 May 2014 (diff | hist) . . (+606) . . N Security/Stackforge/Solum (Created page with "This page documents security related details for the Solum stackforge project. === Implemented Crypto === === Used Crypto === ==== Libraries ==== ==== Encryption Algorithm...") (current)
- 22:20, 1 May 2014 (diff | hist) . . (+627) . . N Security/Juno/Marconi (Created page with "This page documents security related details for the Marconi project in the OpenStack Juno release. === Implemented Crypto === === Used Crypto === ==== Libraries ==== ====...")
- 22:15, 1 May 2014 (diff | hist) . . (+93) . . Security/Juno (→Incubated Projects) (current)
- 00:53, 27 April 2014 (diff | hist) . . (0) . . OpenPGP Web of Trust/Juno Summit
- 19:56, 25 April 2014 (diff | hist) . . (-2) . . Security/Juno/Barbican (→Encryption Algorithms) (current)
- 19:54, 25 April 2014 (diff | hist) . . (+149) . . Security/Juno/Barbican (→Encryption Algorithms)
- 19:36, 25 April 2014 (diff | hist) . . (+54) . . Security/Juno/Barbican (→Libraries)
- 19:32, 25 April 2014 (diff | hist) . . (+276) . . Security/Juno/Barbican (→Encryption Algorithms)
- 19:27, 25 April 2014 (diff | hist) . . (+79) . . Security/Juno/Barbican (→Encryption Algorithms)
- 19:22, 25 April 2014 (diff | hist) . . (+189) . . Security/Juno/Barbican (→Encryption Algorithms)
- 19:17, 25 April 2014 (diff | hist) . . (-34) . . Security/Juno/Barbican (→Encryption Algorithms)
- 19:17, 25 April 2014 (diff | hist) . . (-68) . . Security/Juno/Barbican (→Hashing Algorithms)
- 19:13, 25 April 2014 (diff | hist) . . (+255) . . Security/Juno/Barbican (→Used Crypto)
- 19:08, 25 April 2014 (diff | hist) . . (+98) . . Security/Juno/Barbican (→Encryption Algorithms)
- 19:05, 25 April 2014 (diff | hist) . . (+673) . . Security/Juno/Barbican (→Hashing Algorithms)
- 18:53, 25 April 2014 (diff | hist) . . (+11) . . Security/Juno/Barbican (→Libraries)
- 18:48, 25 April 2014 (diff | hist) . . (+604) . . N Security/Juno/Barbican (Created page with "This page documents security related details for the Barbican project in the OpenStack Juno release. === Implemented Crypto === === Used Crypto === ==== Libraries ==== ===...")
- 18:40, 25 April 2014 (diff | hist) . . (+169) . . Security/Juno
- 17:59, 22 April 2014 (diff | hist) . . (+64) . . Security/Juno/Keystone (→Notable changes since Icehouse)
- 17:45, 22 April 2014 (diff | hist) . . (+159) . . Security/Juno/Keystone (→Notable changes since Icehouse)
- 17:38, 22 April 2014 (diff | hist) . . (+7,165) . . N Security/Juno/Heat (Created page with "This page documents security related details for the Heat project in the OpenStack Juno release. === Overview of Heat Auth Model === Heat provides a native ReST API (heat-ap...") (current)
- 17:36, 22 April 2014 (diff | hist) . . (-18) . . Security/Icehouse (→Projects) (current)
- 17:34, 22 April 2014 (diff | hist) . . (+1,927) . . N Security/Juno (Created page with "'''WORK IN PROGRESS''' This page aims to capture an overview of security related information for integrated projects in the OpenStack Juno release. The information that this...")
- 17:27, 22 April 2014 (diff | hist) . . (+4,699) . . N Security/Juno/Keystone (Created page with "This page documents security related details for the Keystone project in the OpenStack Juno release. === Implemented Crypto === Keystone doesn't have an home-brewed encryption...")
- 19:19, 17 April 2014 (diff | hist) . . (-3) . . Security Notes (→Published Security Notes)
- 19:18, 17 April 2014 (diff | hist) . . (+2,089) . . N OSSN/OSSN-0010 (Created page with "__NOTOC__ == Sample Keystone v3 policy exposes privilege escalation vulnerability == === Summary === The ''policy.v3cloudsample.json'' sample Keystone policy file combined wi...")
- 18:58, 10 April 2014 (diff | hist) . . (+133) . . Meetings/OpenStackSecurity (→2014)
- 07:10, 10 April 2014 (diff | hist) . . (+2,822) . . N OSSN/OSSN-0012 (Created page with "__NOTOC__ == OpenSSL Heartbleed vulnerability can lead to OpenStack compromise == === Summary === A vulnerability in OpenSSL can lead to leaking of confidential data protecte...")
- 07:01, 10 April 2014 (diff | hist) . . (+113) . . Security Notes
- 23:41, 8 April 2014 (diff | hist) . . (+106) . . OpenPGP Web of Trust/Juno Summit (→Juno Summit Key Signing)
- 18:48, 8 April 2014 (diff | hist) . . (+9) . . Meetings/KeystoneMeeting (→Regular attendees)
- 16:43, 8 April 2014 (diff | hist) . . (+68) . . Meetings/KeystoneMeeting (→Agenda for next meeting)
- 03:07, 6 April 2014 (diff | hist) . . (+96) . . Security/Icehouse/Keystone (→Used Crypto)
- 02:47, 6 April 2014 (diff | hist) . . (+310) . . Security/Icehouse/Keystone (→Used Crypto)
- 02:34, 6 April 2014 (diff | hist) . . (+105) . . Security/Icehouse/Keystone
- 02:32, 6 April 2014 (diff | hist) . . (+1,857) . . Security/Icehouse/Keystone (→Sensitive Data)
- 02:19, 6 April 2014 (diff | hist) . . (+1,100) . . Security/Icehouse/Keystone (→Hashing Algorithms)
- 02:06, 6 April 2014 (diff | hist) . . (+1,145) . . N Security/Icehouse/Keystone (Created page with "=== Implemented Crypto === None. === Used Crypto === ==== Encryption Algorithms ==== {| class="wikitable sortable" |- ! Algorithm !! Purpose !! Configurable !! Implementation...")
- 01:40, 6 April 2014 (diff | hist) . . (+61) . . Security/Icehouse
- 01:16, 6 April 2014 (diff | hist) . . (+1,851) . . N Security/Icehouse (Created page with "'''WORK IN PROGRESS''' This page aims to capture an overview of security related information for integrated projects in the OpenStack Icehouse release. The information that...")
- 03:35, 5 April 2014 (diff | hist) . . (+5,146) . . N OSSN/OSSN-0011 (Created page with "__NOTOC__ == Heat templates with invalid references allows unintended network access == === Summary === Orchestration templates can create security groups to define network a...")
- 03:26, 5 April 2014 (diff | hist) . . (+120) . . Security Notes (→Published Security Notes)
- 14:57, 2 April 2014 (diff | hist) . . (+2,039) . . N OSSN/OSSN-0009 (Created page with "__NOTOC__ == Potential token revocation abuse via group membership == === Summary === Deletion of groups in Keystone causes token revocation for group members. If group capa...")
- 14:49, 2 April 2014 (diff | hist) . . (+99) . . Security Notes (→Published Security Notes)
- 23:59, 28 March 2014 (diff | hist) . . (-891) . . Security/Security Note Template (current)
- 23:58, 28 March 2014 (diff | hist) . . (+69) . . Security/Security Note Process (→Wiki)
- 23:55, 28 March 2014 (diff | hist) . . (+153) . . Security/Security Note Process (→Reviewing)
- 23:46, 28 March 2014 (diff | hist) . . (-585) . . Security/Security Note Process (→Template)
- 16:57, 9 March 2014 (diff | hist) . . (+126) . . Security Notes (→Published Security Notes)
- 16:46, 9 March 2014 (diff | hist) . . (-104) . . OSSN/OSSN-0008 (→Summary)
- 04:19, 8 March 2014 (diff | hist) . . (-16) . . OSSN/OSSN-0008 (→Affected Services / Software)
- 04:13, 8 March 2014 (diff | hist) . . (+1) . . OSSN/OSSN-0008 (→Recommended Actions)
- 04:12, 8 March 2014 (diff | hist) . . (-196) . . OSSN/OSSN-0008 (→Recommended Actions)
- 04:04, 8 March 2014 (diff | hist) . . (-3) . . OSSN/OSSN-0008
- 03:59, 8 March 2014 (diff | hist) . . (+28) . . N OSSN/1227575 (Nkinder moved page OSSN/1227575 to OSSN/OSSN-0008: Use new OSSN naming) (current)
- 03:59, 8 March 2014 (diff | hist) . . (0) . . m OSSN/OSSN-0008 (Nkinder moved page OSSN/1227575 to OSSN/OSSN-0008: Use new OSSN naming)
- 03:57, 8 March 2014 (diff | hist) . . (+11) . . OSSN/OSSN-0008 (→Discussion)
- 03:56, 8 March 2014 (diff | hist) . . (+131) . . OSSN/OSSN-0008 (→Recommended Actions)
- 03:51, 8 March 2014 (diff | hist) . . (-110) . . OSSN/OSSN-0008 (→Discussion)
- 03:04, 8 March 2014 (diff | hist) . . (+8) . . OSSN/OSSN-0008 (→Summary)
- 03:04, 8 March 2014 (diff | hist) . . (+3) . . OSSN/OSSN-0008 (→Summary)
- 02:55, 8 March 2014 (diff | hist) . . (-2) . . OSSN/OSSN-0008 (→Affected Services / Software)
- 03:11, 7 March 2014 (diff | hist) . . (+169) . . Security/Security Note Process (→Publishing)
- 03:09, 7 March 2014 (diff | hist) . . (+290) . . Security/Security Note Process (→Wiki)
- 02:50, 7 March 2014 (diff | hist) . . (+299) . . Security/Security Note Process (→Template)
- 02:42, 7 March 2014 (diff | hist) . . (-5) . . Security/Security Note Process (→Template)
- 19:30, 6 March 2014 (diff | hist) . . (+8,981) . . N OSSN/OSSN-0007 (Created page with "__NOTOC__ == Live migration instructions recommend unsecured libvirt remote access == === Summary === When using the KVM hypervisor with libvirt on OpenStack Compute nodes, l...")
- 19:17, 6 March 2014 (diff | hist) . . (+128) . . Security Notes (→Published Security Notes)
- 19:08, 17 January 2014 (diff | hist) . . (+3,170) . . N OSSN/1254619 (Created page with "__NOTOC__ == Keystone can allow user impersonation when using REMOTE_USER for external authentication == === Summary === When external authentication is used with Keystone us...")
- 19:03, 17 January 2014 (diff | hist) . . (+9) . . Security Notes (→Published Security Notes)
- 16:12, 13 January 2014 (diff | hist) . . (+817) . . Security/Security Note Process (→Writing)
- 05:37, 13 January 2014 (diff | hist) . . (+150) . . Security/Security Note Process (→Wiki)
- 05:36, 13 January 2014 (diff | hist) . . (+1,048) . . N Security/Security Note Template (Created page with "__NOTOC__ == Title (single sentence) == === Summary === A few sentences describing the issue at a high level. === Affected Services / Software === A comma separated list of ...")
- 04:07, 13 January 2014 (diff | hist) . . (+663) . . Security/Security Note Process (→Publishing)
- 02:55, 13 January 2014 (diff | hist) . . (-113) . . Security/Security Note Process
- 02:54, 13 January 2014 (diff | hist) . . (+1,328) . . Security/Security Note Process (→Template)
- 22:37, 12 January 2014 (diff | hist) . . (+1,050) . . N Security/Security Note Process (Created page with "This page describes the process that should be followed for writing and publishing an OpenStack Security Note (OSSN). This page is intended to be used by members of the OpenS...")
- 21:26, 8 January 2014 (diff | hist) . . (+891) . . Security/Guidelines (→Guidelines)
- 21:14, 8 January 2014 (diff | hist) . . (+4) . . Security/Guidelines/logging guidelines
- 21:12, 8 January 2014 (diff | hist) . . (+3,922) . . N Security/Guidelines/logging guidelines (Created page with "In order to prevent accidental leakage of confidential information to unauthorized users, there are some guidelines to assist in isolating this confidential data for easy/accu...")
- 21:06, 8 January 2014 (diff | hist) . . (+58) . . Security/Projects (→Cross Project Security Guidelines)
- 21:05, 8 January 2014 (diff | hist) . . (+274) . . Security/Projects (→Cross Project Security Guidelines)
- 18:16, 8 January 2014 (diff | hist) . . (+4,994) . . Security/Guidelines (→Cross Project Security Guidelines)
- 18:08, 8 January 2014 (diff | hist) . . (+391) . . Security/Guidelines (→Goals)
- 15:57, 8 January 2014 (diff | hist) . . (+108) . . N Security/Guidelines (Created page with "Note - this document is currently a work in progress. == Cross Project Security Guidelines == === Goals ===")
- 17:18, 4 January 2014 (diff | hist) . . (+10) . . m OSSN/OSSN-0008 (Removed table of contents)
- 19:28, 12 December 2013 (diff | hist) . . (+250) . . Security Notes
- 19:27, 12 December 2013 (diff | hist) . . (0) . . Security Notes (→Published Security Notes)
- 19:25, 12 December 2013 (diff | hist) . . (+115) . . Security Notes (→Published Security Notes)
- 19:24, 12 December 2013 (diff | hist) . . (+2,332) . . N OSSN/1098582 (Created page with "__NOTOC__ == Selecting LXC as Nova Virtualization Driver can lead to data compromise == === Summary === LXC does not provide the same level of separation as hypervisors when ...")
- 18:44, 12 December 2013 (diff | hist) . . (+105) . . Security Notes (→Published Security Notes)
- 18:42, 12 December 2013 (diff | hist) . . (+1,600) . . N OSSN/1155566 (Created page with "__NOTOC__ == HTTP POST limiting advised to avoid Essex/Folsom Keystone DoS == === Summary === Concurrent Keystone POST requests with large body messages are held in memory wi...")
- 18:32, 12 December 2013 (diff | hist) . . (+95) . . Security Notes (→Published Security Notes)
- 18:28, 12 December 2013 (diff | hist) . . (+1,486) . . N OSSN/1168252 (Created page with "__NOTOC__ == Keystone configuration should not be world readable == === Summary === In some deployments keystone.conf which contains confidential information, is set to world...")
- 18:07, 12 December 2013 (diff | hist) . . (+133) . . Security Notes (→Published Security Notes)
- 18:06, 12 December 2013 (diff | hist) . . (+3,014) . . N OSSN/1237989 (Created page with "__NOTOC__ == Authenticated users are able to update passwords without providing their current password == === Summary === An authenticated user is able to change their passwo...")
- 17:21, 12 December 2013 (diff | hist) . . (+257) . . N Security Notes (Created page with "The OpenStack Security Group publishes Security Notes to advise users of security related issues. === Published Security Notes === * 1226078 - Glance allows ...")
- 17:00, 12 December 2013 (diff | hist) . . (+2,657) . . N OSSN/1226078 (Created page with "__NOTOC__ == Glance allows sharing of images between projects without consumer project approval == === Summary === Glance allows images to be shared between projects. In cert...")
(newest | oldest) View (newer 100 | older 100) (20 | 50 | 100 | 250 | 500)