Skip to content

appendix: add OSSA-2026-001 security advisory #907

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
berendt merged 1 commit into from
Jan 19, 2026
Merged

appendix: add OSSA-2026-001 security advisory #907

berendt merged 1 commit into from
Jan 19, 2026

Conversation

@berendt
Copy link
Member

@berendt berendt commented Jan 19, 2026

Add documentation for CVE-2026-22797, a privilege escalation vulnerability in OpenStack keystonemiddleware's external OAuth2 token handling. Includes OSISM-specific guidance for checking affected configurations and remediation options.

AI-assisted: Claude Code

@github-actions
Copy link

github-actions bot commented Jan 19, 2026
edited
Loading

MegaLinter analysis: Success

Descriptor Linter Files Fixed Errors Warnings Elapsed time
✅ ACTION actionlint 3 0 0 0.03s
✅ JSON jsonlint 4 0 0 0.12s
✅ JSON prettier 4 0 0 0.34s
✅ JSON v8r 4 0 0 8.04s
✅ MARKDOWN markdownlint 159 0 0 1.94s
✅ MARKDOWN markdown-table-formatter 159 0 0 0.3s
✅ REPOSITORY checkov yes no no 17.07s
✅ REPOSITORY git_diff yes no no 0.06s
✅ REPOSITORY secretlint yes no no 1.79s
✅ REPOSITORY trufflehog yes no no 4.28s
✅ SPELL cspell 189 0 0 5.07s
✅ SPELL lychee 176 0 0 6.49s
✅ YAML prettier 5 0 0 0.39s
✅ YAML v8r 5 0 0 6.2s
✅ YAML yamllint 5 0 0 0.37s

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

  • Documentation: Custom Flavors
  • Command: npx mega-linter-runner@9.3.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_SECRETLINT,REPOSITORY_TRUFFLEHOG,SPELL_CSPELL,SPELL_LYCHEE,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

MegaLinter is graciously provided by OX Security

@berendt
appendix: add OSSA-2026-001 security advisory
d3d070f 
Add documentation for CVE-2026-22797, a privilege escalation
vulnerability in OpenStack keystonemiddleware's external OAuth2
token handling. Includes OSISM-specific guidance for checking
affected configurations and remediation options.

AI-assisted: Claude Code

Signed-off-by: Christian Berendt <berendt@osism.tech>
@berendt berendt merged commit a91cd6a into main Jan 19, 2026
3 checks passed
@berendt berendt deleted the OSSA-2026-001 branch January 19, 2026 19:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@berendt