[openstack-announce] [OSSA-2020-008] horizon: Open redirect in workflow forms (CVE-2020-29565)

2020-12-07 Thread Gage Hugo
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 == OSSA-2020-008: Open redirect in workflow forms == :Date: December 03, 2020 :CVE: CVE-2020-29565 Affects ~~~ - - Horizon: <15.3.2, >=16.0.0 <16.2.1,

Re: [openstack-announce] [OSSA-2020-004] Keystone: Keystone credential endpoints allow owner modification and are not protected from a scoped context (CVE PENDING)

2020-05-07 Thread Gage Hugo
On Wed, May 6, 2020 at 2:48 PM Gage Hugo wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > > = > OSSA-2020-004: Keystone credential endpoints all

Re: [openstack-announce] [OSSA-2020-005] Keystone: OAuth1 request token authorize silently ignores roles parameter (CVE PENDING)

2020-05-07 Thread Gage Hugo
On Wed, May 6, 2020 at 2:53 PM Gage Hugo wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > > == > OSSA-2020-005: OAuth1 re

Re: [openstack-announce] [OSSA-2020-003] Keystone: Keystone does not check signature TTL of the EC2 credential auth method (CVE PENDING)

2020-05-07 Thread Gage Hugo
On Wed, May 6, 2020 at 2:41 PM Gage Hugo wrote: > -BEGIN PGP SIGNED MESSAGE- > Has

[openstack-announce] [OSSA-2020-003] Keystone: Keystone does not check signature TTL of the EC2 credential auth method (CVE PENDING)

2020-05-06 Thread Gage Hugo
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 == OSSA-2020-003: Keystone does not check signature TTL of the EC2 credential auth method

[openstack-announce] [OSSA-2020-005] Keystone: OAuth1 request token authorize silently ignores roles parameter (CVE PENDING)

2020-05-06 Thread Gage Hugo
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 == OSSA-2020-005: OAuth1 request token authorize silently ignores roles parameter == :Date: May

[openstack-announce] [OSSA-2020-004] Keystone: Keystone credential endpoints allow owner modification and are not protected from a scoped context (CVE PENDING)

2020-05-06 Thread Gage Hugo
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 = OSSA-2020-004: Keystone credential endpoints allow owner modification and are not protected from a scoped context

[openstack-announce] [OSSA-2019-006] Credentials API allows listing and retrieving of all users credentials (CVE-2019-19687)

2019-12-11 Thread Gage Hugo
= OSSA-2019-006: Credentials API allows listing and retrieving of all users credentials = :Date: December 09, 2019 :CVE:

[openstack-announce] [OSSA-2019-002] Unable to install new flows on compute nodes when having broken security group rules (CVE-2019-10876)

2019-04-10 Thread Gage Hugo
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 === OSSA-2019-002: Overlapping security group rules prevents compute node network configuration

Re: [openstack-dev] Stepping down as keystone core

2018-08-30 Thread Gage Hugo
Thanks for all the help Samuel. I remember a couple instances when I first started contributing to keystone where you helped me out and I am extremely grateful. It was great working with you, and hopefully we will still see you around! On Wed, Aug 29, 2018 at 2:33 PM Lance Bragstad wrote: >

Re: [openstack-dev] [keystone] Signing off

2018-05-30 Thread Gage Hugo
It was great working with you Henry. Hope to see you around sometime and wishing you all the best! On Wed, May 30, 2018 at 3:45 AM, Henry Nash wrote: > Hi > > It is with a somewhat heavy heart that I have decided that it is time to > hang up my keystone core status. Having been involved since

[openstack-dev] [security sig] No meeting May 24th

2018-05-17 Thread Gage Hugo
Hello, Due to members attending the OpenStack summit in Vancouver, we will be canceling the Security SIG meeting on May 24th.

Re: [openstack-dev] [security] Tomorrow's meeting and LCOO

2018-03-14 Thread Gage Hugo
Hey Luke, I can chair the meeting tomorrow if that works. I will also ping eeiden about getting some LCOO discussion going as well. On Wed, Mar 14, 2018 at 1:35 PM, Luke Hinds wrote: > Hello, > > Something has come up that determines I won't be able to attend the > meeting

Re: [openstack-dev] [castellan] Removing Keystoneauth Dependency in Castellan Discussion

2017-12-19 Thread Gage Hugo
On Tue, Dec 12, 2017 at 5:34 PM, Doug Hellmann wrote: > Excerpts from Dave McCowan (dmccowan)'s message of 2017-12-12 21:36:51 > +: > > > > On 12/12/17, 3:15 PM, "Doug Hellmann" wrote: > > > > >Excerpts from Dave McCowan (dmccowan)'s message of

Re: [openstack-dev] Removing Keystoneauth Dependency in Castellan Discussion

2017-12-06 Thread Gage Hugo
It's been a bit since the summit but I believe this was also discussed at the Denver PTG as well: https://etherpad.openstack.org/p/oslo-ptg-queens The keystoneauth stuff seems to be more from Sydney, but if I remember correctly, Castellan authenticates through keystoneauth and passes the session

Re: [openstack-dev] [keystone][nova][cinder][horizon][all] properties / metadata for resources

2016-11-08 Thread Gage Hugo
This spec was discussed at the keystone meeting today and during the conversation that continued afterwards, an idea of using the keystone configuration to set a list of keys was mentioned. The idea is that a cloud admin could define a list of keys that they need for their setup within keystone's