I concur with the class C1 suggestion here. Generally OpenStack's VMT
has considered any theoretical vulnerability which depends on direct
brute-forcing or guessing the UUID space as impractical, but still
possibly a security hardening opportunity.
** Information type changed from Public Security
Public bug reported:
Seems like apache2.conf is not the way to put servername directive on
Ubuntu 18.04 lts
This bug tracker is for errors with the documentation, use the following
as a template and remove or add fields as you see fit. Convert [ ] into
[x] to check boxes:
- [x] This doc is
Reviewed: https://review.opendev.org/675041
Committed:
https://git.openstack.org/cgit/openstack/nova/commit/?id=cf7d28eb6ea47818e9f3584f65ec025f5a46326b
Submitter: Zuul
Branch:master
commit cf7d28eb6ea47818e9f3584f65ec025f5a46326b
Author: Takashi NATSUME
Date: Wed Aug 7 14:38:45 2019
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.
** Also affects: ossa
Public bug reported:
traceback:
We do have it for identity backend via
https://github.com/openstack/keystone/commit/e439476c1e434587122053a5c02c9ee4908e8b7c,
but not for credential backend.
2019-08-14 03:34:15.264 199385 ERROR keystone.common.wsgi
[req-b30e30a8-14fe-477f-b805-56a4d6e51ffc
*** This bug is a security vulnerability ***
Public security bug reported:
The current implementation of the GET /v3/OS-TRUST/trusts/{trust_id} API
leaks information about the existence of a trust to unauthorized users.
If an authenticated user requests a trust that either does not exist or
has
Public bug reported:
cloud-init v.19.2 doesn't consider the "cloud-init=disabled" kernel command
line parameter in CentOS7
The output of 'cloud-init collect-logs' is attached.
** Affects: cloud-init
Importance: Undecided
Status: New
** Attachment added: "cloud-init.tar.gz"
Reviewed: https://review.opendev.org/647655
Committed:
https://git.openstack.org/cgit/openstack/keystone/commit/?id=5572d013004afe3d1a483d5b7ad6e3383e973ae1
Submitter: Zuul
Branch:master
commit 5572d013004afe3d1a483d5b7ad6e3383e973ae1
Author: Adrian Turjak
Date: Tue Mar 26 18:22:21 2019
8 matches
Mail list logo