[Openstack-security] [Bug 1245350] Re: One tenant's admin user can modified other tenant's user’s quota info

Jeremy Stanley fungi at yuggoth.org
Mon Jan 6 17:28:57 UTC 2014 

*** This bug is a duplicate of bug 968696 ***
    https://bugs.launchpad.net/bugs/968696

** Changed in: cinder
       Status: Confirmed => Invalid

** Changed in: cinder
   Importance: High => Undecided

** Changed in: nova
   Importance: High => Undecided

** Changed in: ossa
       Status: Incomplete => Invalid

** Information type changed from Private Security to Public

** Tags added: security

** This bug has been marked a duplicate of bug 968696
   "admin"-ness not properly scoped

-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1245350

Title:
  One tenant's admin user can modified other tenant's user’s quota info

Status in Cinder:
  Invalid
Status in OpenStack Compute (Nova):
  Invalid
Status in OpenStack Security Advisories:
  Invalid

Bug description:
  1、Create tenant A and userA,and make userA as an admin
  2、Create tenant B and userA,and make userB as an admin
  3、userA login in openstack system,and create quota info “volumes:11111”
  4、userB login in openstack system ,and update userA’s quota info from “volumes:11111” to “volumes:111”
  5、detail test operation info see this link:http://paste.openstack.org/show/50020/

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1245350/+subscriptions

More information about the Openstack-security mailing list