Here's an OSSA impact statement draft. If any of this information is
incorrect, please feel free to correct me and I will revise.
Title: Overlapping security group rules prevents compute node network
configuration
Reporter: Diko Parvanov (Canonical)
Products: Neutron
Affects: <11.0.7, >=12.0.0 <1
I don't see a backport change to Ocata, are there plans on submitting
one?
https://review.openstack.org/#/q/I17ab643abbd2ec21eda4ae1dfb9abf2d4b0657f2
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1813
Updated impact statement draft. If any of this information is incorrect,
please feel free to correct and I will revise.
Title: Overlapping security group rules prevents compute node network
configuration
Reporter: Diko Parvanov (Canonical)
Products: Neutron
Affects: >=11.0.0 <11.0.7, >=12.0.0 <12
** Summary changed:
- [SRU] Unable to install new flows on compute nodes when having broken
security group rules
+ [SRU] Unable to install new flows on compute nodes when having broken
security group rules (CVE-2019-10876)
--
I wasn't able to recreate this with Rocky, only a user with the "admin"
role was able to list credentials, other users with member roles were
denied (as policy defined).
The code was indeed changed after Rocky to account for system scope,
where I believe that this issue was introduced.
--
** Changed in: keystone
Status: New => Triaged
** Changed in: keystone
Importance: Undecided => Low
** Changed in: keystone
Milestone: None => ussuri-1
** Changed in: keystone
Assignee: (unassigned) => Corey Bryant (corey.bryant)
--
Since this was public for about a month prior to making private, it
doesn't seem worth keeping under embargo here. Getting this fixed
quickly is preferable and opening it up publicly would allow more eyes
on it and easier communication to help fix this.
** Description changed:
- This issue is bei
** Information type changed from Private Security to Public Security
--
https://bugs.launchpad.net/bugs/1855080
Title:
Credentials API allows listing and retrieving of all user's
creden
I wrote up an impact description for use in an upcoming OpenStack
Security Advisory and associated CVE request. Please suggest any
improvements or suggestions:
Title: Credentials API allows listing and retrieving of all user's credentials
Reporter: Daniel 'f0o' Preussker ()
Products: Keystone
Aff
Updated, please review:
Title: Credentials API allows non-admin to list and retrieve every users'
credentials
Reporter: Daniel 'f0o' Preussker
Products: Keystone
Affects: ==15.0.0, ==16.0.0
Description:
Daniel 'f0o' Preussker reported a vulnerability in Keystone's list credentials
API. Any user
** Summary changed:
- Credentials API allows listing and retrieving of all user's credentials
+ Credentials API allows listing and retrieving of all users' credentials
--
Ah ok, I'll remove the apostrophe then.
Updated, please review:
Title: Credentials API allows non-admin to list and retrieve all users
credentials
Reporter: Daniel 'f0o' Preussker
Products: Keystone
Affects: ==15.0.0, ==16.0.0
Description:
Daniel 'f0o' Preussker reported a vulnerability in Keys
OSSA Report: https://review.opendev.org/#/c/698045/
** Changed in: ossa
Status: Confirmed => Fix Released
--