History

Travis McPeak a0c7593063 Adding OSSN-0060

This commit adds security note OSSN-0060 about an insecure glance
setting which enables escalation to admin level API privileges.

Change-Id: I5eba5cdc0e62e18771b236e2ec6dd9c0baf0ddb1

2016-01-25 08:29:55 -08:00

OSSN-0001

Check for syntax issues in the security notes with doc8

2014-09-29 09:11:31 +02:00

OSSN-0002

Migrate OSSNs to the security-doc repo

2014-08-11 12:59:28 -07:00

OSSN-0003

Migrate OSSNs to the security-doc repo

2014-08-11 12:59:28 -07:00

OSSN-0004

Migrate OSSNs to the security-doc repo

2014-08-11 12:59:28 -07:00

OSSN-0005

Migrate OSSNs to the security-doc repo

2014-08-11 12:59:28 -07:00

OSSN-0006

Migrate OSSNs to the security-doc repo

2014-08-11 12:59:28 -07:00

OSSN-0007

Check for syntax issues in the security notes with doc8

2014-09-29 09:11:31 +02:00

OSSN-0008

Migrate OSSNs to the security-doc repo

2014-08-11 12:59:28 -07:00

OSSN-0009

Migrate OSSNs to the security-doc repo

2014-08-11 12:59:28 -07:00

OSSN-0010

Check for syntax issues in the security notes with doc8

2014-09-29 09:11:31 +02:00

OSSN-0011

Migrate OSSNs to the security-doc repo

2014-08-11 12:59:28 -07:00

OSSN-0012

Migrate OSSNs to the security-doc repo

2014-08-11 12:59:28 -07:00

OSSN-0013

Check for syntax issues in the security notes with doc8

2014-09-29 09:11:31 +02:00

OSSN-0014

Migrate OSSNs to the security-doc repo

2014-08-11 12:59:28 -07:00

OSSN-0015

Migrate OSSNs to the security-doc repo

2014-08-11 12:59:28 -07:00

OSSN-0016

Migrate OSSNs to the security-doc repo

2014-08-11 12:59:28 -07:00

OSSN-0017

Check for syntax issues in the security notes with doc8

2014-09-29 09:11:31 +02:00

OSSN-0018

Migrate OSSNs to the security-doc repo

2014-08-11 12:59:28 -07:00

OSSN-0019

Fix checksyntax gate

2014-10-26 20:02:35 +01:00

OSSN-0020

Adding note for OSSN-0020

2014-09-11 07:40:54 -07:00

OSSN-0021

Migrate OSSNs to the security-doc repo

2014-08-11 12:59:28 -07:00

OSSN-0022

Migrate OSSNs to the security-doc repo

2014-08-11 12:59:28 -07:00

OSSN-0023

OSSN-0023 Keystone logs tokens at INFO levels

2014-09-02 18:17:11 +01:00

OSSN-0024

Add OSSN-0024 - Sensitive data exposure in logfiles

2014-09-24 08:16:13 -07:00

OSSN-0025

Re-submitting OSSN 25 concerning Swift/Glance public images

2014-10-20 11:02:41 -07:00

OSSN-0026

Fix checksyntax gate

2014-10-26 20:02:35 +01:00

OSSN-0027

Fix checksyntax gate

2014-10-26 20:02:35 +01:00

OSSN-0028

Add OSSN-0028 - Nova leaks hypervisor host SMBIOS serial number to guests

2014-10-02 09:53:04 -07:00

OSSN-0029

Clarify that Neutron FWaaS is experimental in OSSN-0029

2014-09-25 19:36:05 -07:00

OSSN-0030

Adding OSSN-0030: Bash 'shellshock' bug.

2014-09-26 16:03:17 +01:00

OSSN-0031

Add previously published OSSNs

2014-10-19 21:48:01 -07:00

OSSN-0032

Correct typo in OSSN-0032

2014-10-21 09:40:40 -07:00

OSSN-0033

Update OSSN-0033 to include lp 1436082

2015-09-17 16:05:32 -07:00

OSSN-0034

Add previously published OSSNs

2014-10-19 21:48:01 -07:00

OSSN-0035

Add previously published OSSNs

2014-10-19 21:48:01 -07:00

OSSN-0036

Add previously published OSSNs

2014-10-19 21:48:01 -07:00

OSSN-0037

Add previously published OSSNs

2014-10-19 21:48:01 -07:00

OSSN-0038

Adding OSSN-0038: Suds local cache poisoning.

2014-12-11 18:08:16 +00:00

OSSN-0039

Guidance on mitigating the POODLE attack in OpenStack clouds

2014-10-21 11:57:20 -07:00

OSSN-0042

Correct a typo in OSSN-0042

2014-12-16 17:35:45 -08:00

OSSN-0043

OSSN for gethostbyname glibc vuln.

2015-02-04 17:40:01 +00:00

OSSN-0044

Add text for OSSN-0044

2015-02-27 00:27:09 +00:00

OSSN-0045

Correct line-wrapping width for OSSN-0045

2015-03-11 10:55:12 -07:00

OSSN-0046

Correct line-wrapping for OSSN-0046

2015-04-30 19:10:04 -07:00

OSSN-0047

Add OSSN-0047

2015-04-14 07:03:30 -07:00

OSSN-0048

Add OSSN-0048

2015-04-28 14:04:59 -04:00

OSSN-0049

Correct typo in OSSN-0049

2015-07-07 06:48:33 -07:00

OSSN-0052

Adding OSSN-0052

2015-09-04 11:00:47 -07:00

OSSN-0053

Fix formatting errors in OSSN-0053

2015-09-23 12:24:59 -07:00

OSSN-0054

Adding an OSSN for bug 1457551 - django session store DoS

2015-09-02 15:56:54 -07:00

OSSN-0055

Correct mismatched OSSN link in OSSN-0055

2015-09-17 11:32:59 -07:00

OSSN-0056

OSSN - Cached Keystone Tokens

2015-09-17 10:29:24 -07:00

OSSN-0057

OSSN-0057 - DoS style attack on Glance service

2015-10-06 16:58:16 -07:00

OSSN-0058

Add OSSN-0058

2015-09-03 13:56:24 -04:00

OSSN-0059

Adding an OSSN for bug 1456228 - Trusted VM powered on untrusted host

2015-10-15 12:33:12 -05:00

OSSN-0060

Adding OSSN-0060

2016-01-25 08:29:55 -08:00

OSSN-0061

Adding OSSN-0061

2015-12-07 23:40:54 +00:00

OSSN-0062

Add OSSN-0062

2015-12-15 12:20:29 -08:00

README.md

Migrate OSSNs to the security-doc repo

2014-08-11 12:59:28 -07:00

template.txt

Migrate OSSNs to the security-doc repo

2014-08-11 12:59:28 -07:00

README.md

OpenStack Security Notes (OSSN)

The OpenStack Security Group (OSSG) publishes Security Notes to advise users of security related issues. Security notes are similar to advisories; they address vulnerabilities in 3rd party tools typically used within OpenStack deployments and provide guidance on common configuration mistakes that can result in an insecure operating environment.

Repository Layout

This repository contains published Security Notes and templates that should be used when creating new Security Notes.

notes - contains Security Notes in e-mail format (see the templates)
templates - contains e-mail and wiki format templates

Useful Links

A list of published Security Notes is available here:

https://wiki.openstack.org/wiki/Security_Notes

The process used to create new Security Notes is available here:

https://wiki.openstack.org/wiki/Security/Security_Note_Process