Broken Security Link on Website and general bad discoverability of security related information

Sven Kieske S.Kieske at mittwald.de
Thu Feb 25 09:21:17 UTC 2021 

Hi,

I just noticed, while researching information regarding these two CVEs:

https://nvd.nist.gov/vuln/detail/CVE-2021-3177

https://nvd.nist.gov/vuln/detail/CVE-2021-23336

That the Link to the Security Contacts on the Website is broken:

https://www.openstack.org/openstack-security/ is a 404 for me.

I found the dead link here:

http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-announce

Another "Bug" imho is, that there is no information how to contact
the security team on the main website, and the search for "security"
does not really yield good results how to contact the security team either.

If someone has any information on these vulnerabilities and how they affect
openstack I'd be delighted to hear from you.

a cursory search of gerrit didn't yield anything.
If I search the website using the integrated search for the CVE
the top result is some 2021 Board Election..

RedHat and Suse both state that their distributions of openstack are affected:

https://access.redhat.com/security/cve/cve-2021-23336
https://www.suse.com/security/cve/CVE-2021-23336/

So I guess the base distro is also affected, as these are core openstack components imho?

Thanks for you time.

-- 
Mit freundlichen Grüßen / Regards

Sven Kieske
Systementwickler
 
 
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 4-6
32339 Espelkamp
 
Tel.: 05772 / 293-900
Fax: 05772 / 293-333
 
https://www.mittwald.de
 
Geschäftsführer: Robert Meyer, Florian Jürgens
 
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen

Informationen zur Datenverarbeitung im Rahmen unserer Geschäftstätigkeit 
gemäß Art. 13-14 DSGVO sind unter www.mittwald.de/ds abrufbar.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20210225/b48f9498/attachment.sig>

More information about the openstack-discuss mailing list