oss-sec mailing list archives
CVE Request / Saltstack SSL verification disabling for alibabab cloud module
From: Michael Scherer <misc () zarb org>
Date: Sat, 2 May 2015 04:10:45 +0200
Hi, Could a CVE be assigned for this problem : Saltstack do not verify certificate when connecting to Aliyun (Alibaba cloud service) API on HTTPS https://github.com/saltstack/salt/blob/develop/salt/cloud/clouds/aliyun.py#L724 The same issue exist for the proxmox module : https://github.com/saltstack/salt/blob/develop/salt/cloud/clouds/proxmox.py#L115 And splunk: https://github.com/saltstack/salt/blob/develop/salt/modules/splunk_search.py#L168 This was found by running bandit on the source code ( https://wiki.openstack.org/wiki/Security/Projects/Bandit ) -- Michael Scherer
Current thread:
- CVE Request / Saltstack SSL verification disabling for alibabab cloud module Michael Scherer (May 01)