Date: Sat, 2 May 2015 04:10:45 +0200 From: Michael Scherer <misc@...b.org> To: oss-security@...ts.openwall.com Cc: security@...tstack.com Subject: CVE Request / Saltstack SSL verification disabling for alibabab cloud module Hi, Could a CVE be assigned for this problem : Saltstack do not verify certificate when connecting to Aliyun (Alibaba cloud service) API on HTTPS https://github.com/saltstack/salt/blob/develop/salt/cloud/clouds/aliyun.py#L724 The same issue exist for the proxmox module : https://github.com/saltstack/salt/blob/develop/salt/cloud/clouds/proxmox.py#L115 And splunk: https://github.com/saltstack/salt/blob/develop/salt/modules/splunk_search.py#L168 This was found by running bandit on the source code ( https://wiki.openstack.org/wiki/Security/Projects/Bandit ) -- Michael Scherer
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.