tmcpeak e34b5c292b Adding OSSN-0017 - Session-fixation vulnerability in Horizon when using the default signed cookie sessions
OSSN-0017 describes an issue where the default setting in Horizon causes client side cookies to be used.
This allows an attacker who is able to capture a user's cookie to perform any action as that user, even
after that user has logged out.

Related-Bug: #1327425
Change-Id: I74bf8f308227c8adafc719474bec6f8cd1db2601
2014-06-18 13:44:23 -07:00
notes Adding OSSN-0017 - Session-fixation vulnerability in Horizon when using the default signed cookie sessions 2014-06-18 13:44:23 -07:00
templates Modified templates to wrap lines at 72 characters 2014-03-06 18:51:31 -08:00
.gitreview Add gitreview file 2014-04-01 16:53:46 -07:00
README.md Add previously published security notes 2014-02-12 21:35:18 -08:00

OpenStack Security Notes (OSSN)

The OpenStack Security Group (OSSG) publishes Security Notes to advise users of security-related issues. Security Notes are similar to advisories; they address vulnerabilities in third-party tools typically used within OpenStack deployments and provide guidance on common configuration mistakes that can result in an insecure operating environment.

Repository Layout

This repository contains published Security Notes and templates that should be used when creating new Security Notes.

notes - contains Security Notes in e-mail format (see the templates)
templates - contains e-mail and wiki format templates

A list of published Security Notes is available here:

https://wiki.openstack.org/wiki/Security_Notes

The process used to create new Security Notes is available here:

https://wiki.openstack.org/wiki/Security/Security_Note_Process