OpenStack Security Advice, guiding users around common insecure configurations and vulnerabilities in 3rd party libraries and applications often used with OpenStack.
OpenStack Security Notes exist to guide users and implementers of OpenStack through various security 'pain-points'. Security Notes do not directly address vulnerabilities in OpenStack. OSNs provide guidance to ensure secure use of OpenStack and will often provide work arounds or advice for 3rd party libraries and services used in conjunction with OpenStack.
This project is maintained by the OpenStack Security Group: https:/
Project information
- Maintainer:
- OpenStack Vulnerability Management team
- Also known as:
- osn
- Licence:
- Creative Commons - No Rights Reserved
View full history Series and milestones
trunk series is the current focus of development.
All bugs Latest bugs reported
-
Bug #2147354: Remote Code Execution via Malicious VNF UserData
Reported -
Bug #2147406: CRITICAL Security Vulnerability: Long-standing Credentials Leak in Zuul Logs - Potential Global Supply Chain Compromise
Reported -
Bug #2158919: [OSSN-0101] Console WebSocket Proxy Origin Allow-List Poisoning
Reported -
Bug #2157914: Mulitple driver ssl/tls security and default operating behavior issues
Reported -
Bug #2148310: [OSSN-0100] Command injection via chroot execution of tenant-controlled binaries (CVE-2026-43003)
Reported
More contributors Top contributors
- Goutham Pacha Ravi 128 points
- Jay Faulkner 56 points
- Salvatore Bonaccorso 14 points