[glance][security-sig] Please revisit your open vulnerability report
fungi at yuggoth.org
Thu Feb 18 14:45:14 UTC 2021
Please help the OpenStack Vulnerability Management Team by taking a
look at the following report:
default paste_deploy.flavor is none, but config file text
implies it is 'keystone' (was: non-admin users can see all
tenants' images even when image is private)
Can it be exploited by a nefarious actor, and if so, how? Is it
likely to be fixable in all our supported stable branches,
respecting stable backport policy? What deployment configurations
and options might determine whether a particular installation is
susceptible? This is the sort of feedback we depend on to make
determinations regarding whether and how to keep the public
notified, so they can make informed decisions.
Thanks for doing your part to keep our users safe!
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: not available
More information about the openstack-discuss