[Openstack-security] [OSSN] Draft: Nova Baremetal Exposes Previous Tenant Data
Jeremy Stanley
fungi at yuggoth.org
Tue Jul 2 18:24:25 UTC 2013
On 2013-07-02 10:48:55 -0600 (-0600), Kurt Seifried wrote:
> This sounds liek it needs a CVE #. Any reason it wasn't given one?
As far as I'm aware, these were known shortcomings of the design
before any of it was ever implemented, and it is still considered a
proof-of-concept without any enforced isolation or secure booting
solutions added yet. I suppose it could be argued whether a CVE
should have been requested before the software was ever written.
--
Jeremy Stanley
More information about the Openstack-security
mailing list