[Openstack] [OSSG][OSSN] Configure Horizon to mitigate BREACH/CRIME attacks

2013-09-19 Thread Clark, Robert Graham
Configure Horizon to mitigate BREACH/CRIME attacks - ### Summary ### In its default configuration Horizon is vulnerable to BREACH/CRIME style chosen plaintext attacks which may allow an attacker to execute CSRF attacks. ### Affected Services / Software ### Horizon, Django, Apache, NGinx,
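The following is an added illustration of the attack class this notice refers to; it is not code from the OSSN, from Horizon or from Django. It models a hypothetical dashboard page that embeds a CSRF token in a form and reflects an attacker-chosen query parameter in the same response, then recovers the token one character at a time purely from the compressed response length, which is what an on-path attacker sees through TLS. The page template, the token value, the known prefix and the use of zlib's Z_FIXED strategy (chosen so that each correct guess shortens the output by exactly one byte) are all assumptions of this example; the final call shows that turning compression off removes the length signal.

```python
import zlib
from typing import Dict, Optional

# Constructed values (not from Horizon): a session CSRF token and the hex
# alphabet an attacker would iterate over.
SECRET_TOKEN = "7f3ab9"
ALPHABET = "0123456789abcdef"
# Bytes the attacker already knows precede the secret in the page (the
# hidden-input markup), so the reflected guess extends an LZ77 match.
KNOWN_PREFIX = 'csrfmiddlewaretoken" value="'


def render_page(reflected: str) -> bytes:
    """Hypothetical dashboard page: embeds the CSRF token in a form and
    reflects an attacker-chosen parameter at the end of the same body."""
    return (
        "<html><body>\n"
        "<h1>OpenStack Dashboard</h1>\n"
        '<form method="post">\n'
        f'<input type="hidden" name="csrfmiddlewaretoken" value="{SECRET_TOKEN}">\n'
        "</form>\n"
        f"<p>No results for {reflected}"
    ).encode()


def response_length(reflected: str, compression: bool) -> int:
    """What the attacker observes: the size of the (gzip-encoded) body.
    Z_FIXED keeps the Huffman tables constant so the demo is deterministic;
    production gzip uses dynamic tables, which adds noise, not safety."""
    body = render_page(reflected)
    if not compression:
        return len(body)
    comp = zlib.compressobj(level=9, method=zlib.DEFLATED, wbits=31,
                            memLevel=8, strategy=zlib.Z_FIXED)
    return len(comp.compress(body) + comp.flush())


def guess_sizes(known: str, compression: bool) -> Dict[str, int]:
    """Observed length for every candidate next character of the token."""
    return {c: response_length(KNOWN_PREFIX + known + c, compression)
            for c in ALPHABET}


def recover_token(length: int, compression: bool = True) -> Optional[str]:
    """Byte-at-a-time recovery: the guess that extends the match with the
    real token compresses one byte shorter than every wrong guess."""
    known = ""
    for _ in range(length):
        sizes = guess_sizes(known, compression)
        best = min(sizes.values())
        winners = [c for c, size in sizes.items() if size == best]
        if len(winners) != 1:
            return None  # no usable length signal: the side channel is closed
        known += winners[0]
    return known


if __name__ == "__main__":
    print("compression on :", recover_token(len(SECRET_TOKEN), compression=True))
    print("compression off:", recover_token(len(SECRET_TOKEN), compression=False))
```

The mitigation the notice points at (not compressing responses that carry secrets alongside reflected input) works because every candidate then produces an identical length and `recover_token` finds no unique winner; the same holds for any scheme that makes the secret differ on every response, since a changing token never extends the attacker's match.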

[Openstack] [OSSG][OSSN] Some SSL-Enabled connections fail to perform basic certificate checks

2013-09-19 Thread Clark, Robert Graham
Some SSL-Enabled connections fail to perform basic certificate checks ### Summary ### In many places OpenStack components use Python 2.x HTTPSConnection to establish an SSL connection between endpoints. This does not provide many of the assurances one would expect when using SSL and leaves

[Openstack] [OSSG][OSSN] Horizon does not set Secure Attribute in cookies

2013-09-19 Thread Clark, Robert Graham
Horizon does not set Secure Attribute in cookies - ### Summary ### Horizon does not, by default, set the Secure Attribute in cookies ### Affected Services / Software ### Horizon, Django ### Discussion ### When used in production Horizon should have the Secure Attribute for cookies set. When
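As an added check for the problem this notice describes (not code from the OSSN or from Horizon), the block below parses the Set-Cookie headers of an HTTP response and reports every cookie issued without the Secure attribute. The response headers are constructed for the example, modelled on the session and CSRF cookies a Django application issues; in Django the two are controlled by the SESSION_COOKIE_SECURE and CSRF_COOKIE_SECURE settings.

```python
from typing import Dict, List, Tuple

# Constructed sample response (not a real Horizon capture): the session and
# CSRF cookies lack Secure, the third cookie is set correctly.
SAMPLE_HEADERS = [
    "HTTP/1.1 200 OK",
    "Content-Type: text/html; charset=utf-8",
    "Set-Cookie: sessionid=8d1c0f2a7e; expires=Thu, 03-Oct-2013 09:12:00 GMT; Path=/; HttpOnly",
    "Set-Cookie: csrftoken=2b7e151628aed2a6; expires=Thu, 18-Sep-2014 09:12:00 GMT; Path=/",
    "Set-Cookie: lang=en; Path=/; Secure; HttpOnly",
]


def parse_set_cookie(value: str) -> Tuple[str, Dict[str, str]]:
    """Split one Set-Cookie value into (cookie name, {attribute: value}).
    Attribute names are lower-cased; flag attributes such as Secure map to ''."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name, _, _ = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def insecure_cookies(headers: List[str]) -> List[str]:
    """Names of cookies set without the Secure attribute, in response order.
    Without Secure the browser also sends the cookie over plain HTTP, so a
    single cleartext request leaks the session."""
    missing: List[str] = []
    for line in headers:
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            missing.append(name)
    return missing


if __name__ == "__main__":
    for name in insecure_cookies(SAMPLE_HEADERS):
        print(f"cookie {name!r} is set without the Secure attribute")
```

Run it against the headers of a real deployment (for example the output of `curl -sI https://dashboard/`) rather than the constructed sample; a cookie that appears in the result after the Django settings above are enabled usually comes from a proxy or a different application in front of Horizon.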

Re: [openstack-dev] [Horizon][Security] BREACH/CRIME Attack Information

2013-08-07 Thread Clark, Robert Graham
My understanding of such attacks is that they require a point-of-presence within the browser to perform the injection which in turn enables the side channel. As clients/users won't be interacting with the API using a browser I'm not 100% convinced that we need to worry about defending against

[openstack-dev] [OSSN][OSSG] Nova Baremetal Exposes Previous Tenant Data

2013-07-02 Thread Clark, Robert Graham
Nova Baremetal Exposes Previous Tenant Data - ### Summary ### Data of previous tenants may be exposed to new ones when using Nova Baremetal ### Affected Services / Software ### Keystone, Databases ### Discussion ### Nova Baremetal is intended for testing and development only, it is not
