[Openstack-security] [Bug 1491218] Re: [api] no checks of request tenant_id during querying service last status of an environment
Serg Melikyan
1491218 at bugs.launchpad.net
Thu Oct 15 15:54:18 UTC 2015
** Changed in: murano
Milestone: liberty-3 => 1.0.0
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1491218
Title:
[api] no checks of request tenant_id during querying service last
status of an environment
Status in murano:
Fix Released
Bug description:
Currently api code does not check whether a given env belongs to
current requests tenant when call api
/environments/{environment_id}/lastStatus.
Therefore it might be possible for users from different tenants to get
last services status.
To manage notifications about this bug go to:
https://bugs.launchpad.net/murano/+bug/1491218/+subscriptions
More information about the Openstack-security
mailing list