openstack-security-notes/notes at e34b5c292b26bdd73c4b82da4d40e11e9adaa391 - openstack-security-notes - OpenDev: Free Software Needs Free Tools

openstack-attic/openstack-security-notes

History

tmcpeak e34b5c292b Adding OSSN-0017 - Session-fixation vulnerability in Horizon when using the default signed cookie sessions

OSSN-0017 describes an issue where the default setting in Horizon causes client side cookies to be used.
This allows an attacker who is able to capture a user's cookie to perform any action as that user, even
after that user has logged out.

Related-Bug: #1327425
Change-Id: I74bf8f308227c8adafc719474bec6f8cd1db2601

2014-06-18 13:44:23 -07:00

..

OSSN-0001

Add previously published security notes

2014-02-12 21:35:18 -08:00

OSSN-0002

Add previously published security notes

2014-02-12 21:35:18 -08:00

OSSN-0003

Add previously published security notes

2014-02-12 21:35:18 -08:00

OSSN-0004

Add previously published security notes

2014-02-12 21:35:18 -08:00

OSSN-0005

Add previously published security notes

2014-02-12 21:35:18 -08:00

OSSN-0006

Add previously published security notes

2014-02-12 21:35:18 -08:00

OSSN-0007

Add OSSN-0007 - unsecure libvirt live migration instructions

2014-03-06 14:59:19 -08:00

OSSN-0008

Add OSSN-0008 - DoS attack on noVNC/SPICE console due to lack of limiting

2014-03-09 09:58:57 -07:00

OSSN-0009

Add OSSN-0009 - Potential token revocation abuse via group membership

2014-04-01 19:48:58 -07:00

OSSN-0010

Add OSSN-0010 - Sample Keystone v3 policy exposes privilege escalation

2014-04-17 09:36:16 -07:00

OSSN-0011

Add OSSN-0011 - Heat templates with invalid references allows unintended network access

2014-04-04 15:18:26 -07:00

OSSN-0012

Correct typo in OSSN-0012 title

2014-04-10 00:13:58 -07:00

OSSN-0013

Correct workaround in OSSN-0013

2014-06-05 22:18:36 -07:00

OSSN-0014

Add OSSN-0014 - Cinder drivers set insecure file permissions

2014-05-29 11:59:35 -07:00

OSSN-0015

Add OSSN-0015 - Glance allows non-admin users to create public images

2014-05-29 13:28:21 -07:00

OSSN-0016

Cinder secure wipe misconfiguration will result in no wipe, on

2014-06-02 18:17:13 +01:00

OSSN-0017

Adding OSSN-0017 - Session-fixation vulnerability in Horizon when using the default signed cookie sessions

2014-06-18 13:44:23 -07:00