[Openstack-security] [Bug 1245350] Re: One tenant's admin user can modify other tenant's user’s quota info
Jeremy Stanley
fungi at yuggoth.org
Mon Jan 6 17:28:57 UTC 2014
*** This bug is a duplicate of bug 968696 ***
https://bugs.launchpad.net/bugs/968696
** Changed in: cinder
Status: Confirmed => Invalid
** Changed in: cinder
Importance: High => Undecided
** Changed in: nova
Importance: High => Undecided
** Changed in: ossa
Status: Incomplete => Invalid
** Information type changed from Private Security to Public
** Tags added: security
** This bug has been marked a duplicate of bug 968696
"admin"-ness not properly scoped
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1245350
Title:
One tenant's admin user can modify other tenant's user’s quota info
Status in Cinder:
Invalid
Status in OpenStack Compute (Nova):
Invalid
Status in OpenStack Security Advisories:
Invalid
Bug description:
1. Create tenant A and userA, and make userA an admin
2. Create tenant B and userA, and make userB an admin
3. userA logs in to the OpenStack system and creates quota info “volumes:11111”
4. userB logs in to the OpenStack system and updates userA’s quota info from “volumes:11111” to “volumes:111”
5. For detailed test operation info, see this link: http://paste.openstack.org/show/50020/
To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1245350/+subscriptions