Broken Security Link on Website and general bad discoverability of security related information

Sven Kieske S.Kieske at
Thu Feb 25 09:21:17 UTC 2021


I just noticed, while researching information regarding these two CVEs:

That the Link to the Security Contacts on the Website is broken: is a 404 for me.

I found the dead link here:

Another "Bug" imho is, that there is no information how to contact
the security team on the main website, and the search for "security"
does not really yield good results how to contact the security team either.

If someone has any information on these vulnerabilities and how they affect
openstack I'd be delighted to hear from you.

a cursory search of gerrit didn't yield anything.
If I search the website using the integrated search for the CVE
the top result is some 2021 Board Election..

RedHat and Suse both state that their distributions of openstack are affected:

So I guess the base distro is also affected, as these are core openstack components imho?

Thanks for you time.

Mit freundlichen Grüßen / Regards

Sven Kieske
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 4-6
32339 Espelkamp
Tel.: 05772 / 293-900
Fax: 05772 / 293-333
Geschäftsführer: Robert Meyer, Florian Jürgens
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen

Informationen zur Datenverarbeitung im Rahmen unserer Geschäftstätigkeit 
gemäß Art. 13-14 DSGVO sind unter abrufbar.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the openstack-discuss mailing list