Change abandoned by Jeffrey Zhang (jeffrey.zhang at 99cloud.net) on branch: master
Review: https://review.openstack.org/550325
Reason: check https://review.openstack.org/#/c/549715/1

--
You received this bug notification because you are a member of OpenStack Security SIG, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1749326

Title:
  Exploitable services exposed on community test nodes

Status in kolla-ansible:
  Confirmed

Bug description:
  One of the donor service providers for the upstream OpenStack
  Infrastructure CI pool has notified us that their security team's
  periodic vulnerability scans have been identifying systems at random
  within our environment as running open memcached servers. Job
  correlation from these reports indicates each was running one of the
  following:

      kolla-ansible-oraclelinux-binary
      kolla-ansible-oraclelinux-source
      kolla-ansible-oraclelinux-source-ceph

  Please adjust the configuration of your job framework to prevent these
  services from being exposed to the Internet (through iptables ingress
  filters, service ACLs, configuring them to not listen on
  globally-routable interfaces, whatever works). Thanks!

To manage notifications about this bug go to:
https://bugs.launchpad.net/kolla-ansible/+bug/1749326/+subscriptions
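
An added example, not part of the original bug report or of kolla-ansible: one way to check a test node for the exposure described above is to parse its listening sockets and flag any memcached listener that is not confined to loopback. The `ss -H -lntu` sample is constructed, and port 11211 (memcached's default) is an assumption about the job's configuration.

```python
import ipaddress

MEMCACHED_PORT = 11211  # assumption: memcached's default port; adjust if the job overrides it

# Constructed sample of `ss -H -lntu` output (not taken from the bug report).
SAMPLE_SS_OUTPUT = """\
udp   UNCONN 0      0            0.0.0.0:11211      0.0.0.0:*
tcp   LISTEN 0      1024         0.0.0.0:11211      0.0.0.0:*
tcp   LISTEN 0      1024           [::1]:11211         [::]:*
tcp   LISTEN 0      128        127.0.0.1:3306       0.0.0.0:*
"""


def classify(host):
    """Return 'wildcard', 'loopback', 'private' or 'routable' for a bind address."""
    host = host.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface scope
    if host == "*":
        return "wildcard"
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:  # 0.0.0.0 or :: means every interface
        return "wildcard"
    if ip.is_loopback:
        return "loopback"
    return "private" if ip.is_private else "routable"


def exposed_listeners(ss_output, port=MEMCACHED_PORT):
    """Return (proto, host, scope) for listeners on `port` not confined to loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        # Column 5 is "Local Address:Port"; rpartition keeps IPv6 colons in the host.
        host, _, local_port = fields[4].rpartition(":")
        if not local_port.isdigit() or int(local_port) != port:
            continue
        scope = classify(host)
        if scope != "loopback":
            findings.append((fields[0], host, scope))
    return findings


if __name__ == "__main__":
    for proto, host, scope in exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"memcached {proto} listener on {host} ({scope}): "
              "restrict the bind address or filter ingress")
```

A wildcard or routable finding means the service is reachable on every interface the node has unless an ingress filter blocks it; a private finding still deserves a look on shared CI networks.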