Comment 16 for bug 1489749

Tristan Cacqueray (tristan-cacqueray) wrote :

Thank you Emilien for following the vmt-process. Here are a few suggestions:

Title: Wrong staticweb middleware order in Swift proxy Puppet configuration
Reporter: Christian Schwede (Red Hat)
Products: puppet-swift
Affects: versions through 5.1.0 and version 6.0.0

Description:
Christian Schwede from Red Hat reported a vulnerability in puppet-swift. When the staticweb middleware is enabled, it is incorrectly configured before the keystone auth middleware, allowing anonymous access to private Swift containers. All setups configured with staticweb middleware are affected.

The next steps are:
* review and approve proposed impact description draft
* submit and approve backports to Juno and Kilo
* request a CVE
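
Added example, not part of the comment above and not puppet-swift code: a check that reads the `[pipeline:main]` section of a Swift proxy-server.conf and reports any auth filters placed after staticweb, which is the ordering described in the impact description. The filter names in AUTH_FILTERS and both sample configurations are assumptions constructed for illustration; adjust the names to the aliases your deployment uses.

```python
import configparser

# Assumed filter aliases for the keystone auth middleware; not taken from the bug.
AUTH_FILTERS = {"authtoken", "keystoneauth", "keystone"}
STATICWEB = "staticweb"

# Constructed sample: staticweb placed before the auth filters (the reported ordering).
BAD_CONF = """\
[DEFAULT]
bind_port = 8080

[pipeline:main]
pipeline = catch_errors healthcheck cache staticweb authtoken keystone proxy-server
"""

# Constructed sample: staticweb placed after the auth filters.
GOOD_CONF = """\
[DEFAULT]
bind_port = 8080

[pipeline:main]
pipeline = catch_errors healthcheck cache authtoken keystone staticweb proxy-server
"""


def read_pipeline(conf_text):
    """Return the ordered list of filter names from [pipeline:main]."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    return cp.get("pipeline:main", "pipeline").split()


def auth_after_staticweb(pipeline):
    """Return the auth filters that come after staticweb (empty list means OK)."""
    if STATICWEB not in pipeline:
        return []  # staticweb not enabled, so this ordering issue cannot occur
    position = pipeline.index(STATICWEB)
    return [name for name in pipeline[position + 1:] if name in AUTH_FILTERS]


if __name__ == "__main__":
    for label, conf in (("bad", BAD_CONF), ("good", GOOD_CONF)):
        late = auth_after_staticweb(read_pipeline(conf))
        status = "MISORDERED, auth after staticweb: %s" % late if late else "ok"
        print("%s: %s" % (label, status))
```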