[gpfsug-discuss] Question about Security Bulletin: Openstack Keystone vulnerabilities affects IBM Spectrum Scale (CVE-2020-12689)

John T Olson jtolson at us.ibm.com
Wed Aug 26 16:52:56 BST 2020


Hi, openstack Keystone is only used if you have configured and are using
the object services.  If you are not using object services, then the local
Keystone server will not be configured and this vulnerability should not
affect you.  Do you have object services enabled?


Thanks,

John

John T. Olson, Ph.D.
Spectrum Scale Security
Master Inventor
957/9032-1 Tucson, AZ, 85744
(520) 799-5185, tie 321-5185 (FAX: 520-799-4237)
Email: jtolson at us.ibm.com
LinkedIn: www.linkedin.com/in/john-t-olson
Follow me on twitter:  @John_T_Olson



From:	"Hannappel, Juergen" <juergen.hannappel at desy.de>
To:	gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Date:	08/26/2020 07:25 AM
Subject:	[EXTERNAL] [gpfsug-discuss] Question about Security Bulletin:
            Openstack Keystone vulnerabilities affects IBM Spectrum Scale
            (CVE-2020-12689)
Sent by:	gpfsug-discuss-bounces at spectrumscale.org



Hello,
in the bulletin https://www.ibm.com/support/pages/node/6323241 it's
mentioned
"IBM Spectrum Scale, shipped with Openstack keystone, is exposed to
vulnerabilities as detailed below."
I am not aware of any openstack components in our standard Scale
deployments,
so how am I to read this sentence? Is there some Openstack stuff bundled
into a standard gpfs installation?

--
Dr. Jürgen Hannappel  DESY/IT    Tel.  : +49 40 8998-4616
_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20200826/7cb5c0c8/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20200826/7cb5c0c8/attachment-0002.gif>


More information about the gpfsug-discuss mailing list