[Openstack-security] [Bug 1514396] Re: cinder backup-list is always listing all tenants's bug for admin in V1 api
Sean McGinnis
sean_mcginnis at dell.com
Thu Dec 10 22:50:28 UTC 2015
As part of the v2 only fix mentioned, the service side in cinder was
changed to only return the admin's own backups.
https://review.openstack.org/#/c/207451/
This effectively resolved this bug as it is no longer a risk that an
admin could accidentally get and delete all tenant's backups.
Without a change to the v1 support of the client, the admin no longer
has the ability to get all backups in the system. As v1 has been
deprecated for some time and we are trying to get folks to move over to
v2 this is fine. This should encourage admins that do need to get all
backups to use the v2 API.
** Changed in: python-cinderclient
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1514396
Title:
cinder backup-list is always listing all tenants's bug for admin in V1
api
Status in ospurge:
Confirmed
Status in OpenStack Security Advisory:
Won't Fix
Status in python-cinderclient:
Fix Released
Bug description:
https://bugs.launchpad.net/python-cinderclient/+bug/1422046 has been
fixed for V2 only
This is a security issue cause it leads to deleting all production
backups when logged as admin
To manage notifications about this bug go to:
https://bugs.launchpad.net/ospurge/+bug/1514396/+subscriptions
More information about the Openstack-security
mailing list