openstack-attic/openstack-security-notes
Code Issues Proposed changes
6 Commits 1 Branch 0 Tags 603 KiB
Text 100%
5380798f05
Go to file
Nathan Kinder 5380798f05 Add OSSN-0009 - Potential token revocation abuse via group membership 
This adds OSSN-0009, which covers an issue related to the ability
for a user to to abuse group operations in Keystone to trigger
revocation of tokens for other users.

Change-Id: Ic59048442a78fd37b4dcb608ee1a468af70fa82d
Related-Bug: #1268751
2014-04-01 19:48:58 -07:00
notes Add OSSN-0009 - Potential token revocation abuse via group membership 2014-04-01 19:48:58 -07:00
templates Modified templates to wrap lines at 72 characters 2014-03-06 18:51:31 -08:00
README.md Add previously published security notes 2014-02-12 21:35:18 -08:00

README.md

OpenStack Security Notes (OSSN)

The OpenStack Security Group (OSSG) publishes Security Notes to advise users of security related issues. Security notes are similar to advisories; they address vulnerabilities in 3rd party tools typically used within OpenStack deployments and provide guidance on common configuration mistakes that can result in an insecure operating environment.

Repository Layout

This repository contains published Security Notes and templates that should be used when creating new Security Notes.

notes - contains Security Notes in e-mail format (see the templates)
templates - contains e-mail and wiki format templates

Useful Links

A list of published Security Notes is available here:

https://wiki.openstack.org/wiki/Security_Notes

The process used to create new Security Notes is available here:

https://wiki.openstack.org/wiki/Security/Security_Note_Process