Thank you Emilien for following the vmt-process. Here are a few suggestions:
Title: Wrong staticweb middleware order in Swift proxy Puppet configuration
Reporter: Christian Schwede (Red Hat)
Products: puppet-swift
Affects: versions through 5.1.0 and version 6.0.0
Description:
Christian Schwede from Red Hat reported a vulnerability in puppet-swift. When the staticweb middleware is enabled, it is incorrectly configured before the keystone auth middleware, allowing anonymous access to private Swift containers. All setups configured with staticweb middleware are affected.
The next steps are:
* review and approve propose impact description draft
* submit and approve backports to Juno and Kilo
* request a CVE
Thank you Emilien for following the vmt-process. Here are a few suggestions:
Title: Wrong staticweb middleware order in Swift proxy Puppet configuration
Reporter: Christian Schwede (Red Hat)
Products: puppet-swift
Affects: versions through 5.1.0 and version 6.0.0
Description:
Christian Schwede from Red Hat reported a vulnerability in puppet-swift. When the staticweb middleware is enabled, it is incorrectly configured before the keystone auth middleware, allowing anonymous access to private Swift containers. All setups configured with staticweb middleware are affected.
The next steps are:
* review and approve propose impact description draft
* submit and approve backports to Juno and Kilo
* request a CVE