settingsLogin | Registersettings

Search:

Recent questions tagged ossg

0 votes
0 responses 11 views

Heap and Stack based buffer overflows in dnsmasq prior to version 2.78 ---------------------------------------------------------------------- ### Summary ### A series of heap and stack based buffer overflows have been discovered in versions ...

asked Oct 4, 2017 in openstack by Luke_Hinds (1,500 points)   1
 
0 votes
0 responses 11 views

sha512_crypt is insufficient for password hashing ------------------------------------------------- ### Summary ### Use of sha512_crypt for password hashing in versions of Keystone prior to Pike, is insufficient and provides limited ...

asked Sep 17, 2017 in openstack by Luke_Hinds (1,500 points)   1
 
0 votes
0 responses 12 views

Aodh can be used to launder Keystone trusts --- ### Summary ### When adding an alarm action with the scheme `trust+http:` Aodh does not verify that the user creating the alarm is the trustor or has the same rights as the trustor, not that ...

asked Aug 17, 2017 in openstack by Luke_Hinds (1,500 points)   1
 
0 votes
0 responses 5 views

Ceph credentials included in logs using older versions of libvirt/qemu ---------------------------------------------------------------------- ### Summary ### Older versions of libvirt included network storage authentication information on ...

asked Jul 21, 2017 in openstack by Luke_Hinds (1,500 points)   1
 
0 votes
0 responses 7 views

copy_from in Image Service API v1 allows network port scan ------------------------------------------------------------------------------------------- ### Summary ### The `copy_from` feature in Image Service API v1 supplied by Glance can ...

asked Mar 16, 2017 in openstack by Luke_Hinds (1,500 points)   1
 
0 votes
0 responses 6 views

Users of Glance may be able to replace active image data --- ### Summary ### When Glance has been configured with the "show_multiple_locations" option enabled with default policy for set and delete locations, it is possible for a non-admin ...

asked Feb 9, 2017 in openstack by Luke_Hinds (1,500 points)   1
 
0 votes
2 responses 12 views

OpenStack Security Note: 0074 Nova metadata service should not be used for sensitive information --- ### Summary ### A recent security report has highlighted how users may be using the metadata service to store security sensitive ...

asked Jan 19, 2017 in openstack by Luke_Hinds (1,500 points)   1
3 x  
0 votes
0 responses 7 views

MongoDB guest instance allows any user to connect --- ### Summary ### When creating a new MongoDB single instance or cluster the default setting in MongoDB `security.authorization` was set as disabled. This resulted in no need to provide ...

asked Nov 10, 2016 in openstack by Luke_Hinds (1,500 points)   1
2 x  
0 votes
1 response 8 views

Glance Image service v1 and v2 api image-create vulnerability --- ### Summary ### No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of ...

asked Oct 27, 2016 in openstack by Luke_Hinds (1,500 points)   1
2 x  
0 votes
52 responses 29 views

Hi everyone, As announced previously[1][2], there were no PTL candidates within the election deadline for a number of official OpenStack project teams: Astara, UX, OpenStackSalt and Security. In the Astara case, the current team working on ...

asked Sep 21, 2016 in openstack-dev by Thierry_Carrez (57,480 points)   3 8 13
8 x  
0 votes
0 responses 5 views

MongoDB guest instance allows any user to connect --- ### Summary ### When creating a new MongoDB single instance or cluster the default setting in MongoDB `security.authorization` was set as disabled. This resulted in no need to provide ...

asked Sep 15, 2016 in openstack by Luke_Hinds (1,500 points)   1
2 x  
0 votes
0 responses 19 views

Deleted Glance image IDs may be reassigned --- ### Summary ### It is possible for image IDs from deleted images to be reassigned to other images. This creates the possibility that: - Alice creates a VM that boots from image ID X which has ...

asked Sep 14, 2016 in openstack by Luke_Hinds (1,500 points)   1
2 x  
0 votes
0 responses 8 views

Horizon dashboard leaks internal information through cookies --- ### Summary ### When horizon is configured, its URL contains the IP address of the internal URL of keystone, as the default value for the identity service is "internalURL".[1] ...

asked Sep 8, 2016 in openstack by Luke_Hinds (1,500 points)   1
2 x  
0 votes
0 responses 7 views

Host machine exposed to tenant networks via IPv6 --- ### Summary ### New interfaces created by Neutron in the default namespace, were done so without disabling IPv6 link-local addresses. This resulted in instances gaining the ability to ...

asked Sep 8, 2016 in openstack by Luke_Hinds (1,500 points)   1
2 x  
0 votes
0 responses 5 views

Bandit versions lower than 1.1.0 do not escape HTML in issue reports --- ### Summary ### Bandit versions lower than 1.1.0 have a bug in the HTML report formatter that does not escape HTML in issue context snippets. This could lead to an XSS ...

asked Aug 30, 2016 in openstack-dev by Luke_Hinds (1,500 points)   1
2 x  
0 votes
1 response 9 views

I'd like to nominate Luke for a CoreSec position as part of the Security Project. CoreSec team members support the VMT with extended consultation on externally reported vulnerabilities. Luke has been an active member of the Security project ...

asked Aug 8, 2016 in openstack-dev by Rob_C (1,240 points)   1
0 votes
0 responses 17 views

Repeated token revocation requests, can lead to service degradation or disruption --- ### Summary ### There is currently no limit to the frequency of keystone token revocations that can be made by a single user, in any given time frame. If ...

asked Jul 21, 2016 in openstack-dev by Luke_Hinds (1,500 points)   1
2 x  
0 votes
1 response 12 views

Nova and Cinder key manager for Barbican misuses cached credentials --- ### Summary ### During the Icehouse release the Cinder and Nova projects added a feature that supports storage volume encryption using keys stored in Barbican. The ...

asked Jun 9, 2016 in openstack-dev by Nathan_Kinder (3,100 points)   1 2 4
 
0 votes
0 responses 15 views

Nova and Cinder key manager for Barbican misuses cached credentials --- ### Summary ### During the Icehouse release the Cinder and Nova projects added a feature that supports storage volume encryption using keys stored in Barbican. The ...

asked Jun 9, 2016 in openstack by Nathan_Kinder (3,100 points)   1 2 4
 
0 votes
0 responses 9 views

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Potential reuse of revoked Identity tokens - --- ### Summary ### An authorization token issued by the Identity service can be revoked, which is designed to immediately make that token invalid ...

asked Dec 16, 2015 in openstack-dev by Nathan_Kinder (3,100 points)   1 2 4
...