[Openstack-security] [OSSN][DRAFT] Disabling a tenant does not disable a user token
Clark, Robert Graham
robert.clark at hp.com
Thu Aug 8 09:24:16 UTC 2013
For my part I'd like to see a CVE as the actual behaviour of a potentially
security enforcing function differs significantly from the expected
behaviour.
On 08/08/2013 09:43, "Thierry Carrez" <thierry at openstack.org> wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA256
>
>Kurt Seifried wrote:
>> On 08/07/2013 06:33 AM, Clark, Robert Graham wrote:
>>> [DRAFT] - Please Review Disabling a tenant does not disable a
>>> user token ----
>> [...] I assume this needs a CVE?
>
>Your call... To me it's more of an explanation of how things work
>(non-obvious design with potential security implications which need to
>be communicated to users) than a vulnerability... which is why this
>was handled as a security note rather than an advisory.
>
>- --
>Thierry Carrez (ttx)
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.12 (GNU/Linux)
>Comment: Using GnuPG with undefined - http://www.enigmail.net/
>
>iQIcBAEBCAAGBQJSA1oaAAoJEFB6+JAlsQQje64P/08RR6x5zZzVHcileo4fA1wg
>SODsQ5tADbwYuhLE+3lUUg94xpyR/WQahPPf/BzQyPH+cWg5EIPDJMaY3WYwiscT
>8mLit1an3O792OUKN26zVWHzQJj9iR6qXZ5Dn4rh4ePEDy9Op8bWboZH/lxfut0J
>5ETpoiMUjL59CbztW0nLm6QO9zy7oKnYBRpakLXq2hj9tJuAPPn+eyAHKdUcMtqu
>uWdUXDCnHJmwxmmAhBL+DhPcDuBApMYP9lIDQihB7tUlPwqdFUVMwnEVykDKiTuU
>falFDU2F1b2hNNG1Klh0yJCTuqbHTS6o31CAlI2a50iMik1Vp6V/+kv/u9/W+UN+
>pFiYl90wTPbz1h4Kvw3imniXyySWhw1lWfjX72QPi6WJY4KdEmx3WLcmhllwpJCl
>/nw5hSalmGOnUKFFu4oB6A8i8xGSPd8fZL0XigeUAhTVyNWVZzwW1X05Ljw7rROM
>9m0hQj5pGohhBN6Aek50zNUw5sX4nyNqAmasoUtmS7D02bvNyiPKe79mLsQyUvkl
>mTW7w6A47jHbPH6VMs5Gn3QPp4yAOPdsunEtCvG/BmufvU16OrXMXJsrm/vj440K
>wsiOElVZqRBMLXW5ir4q+CE1RRTP2Sb/io1vh1cteXZBJD437wznzAFpRFyLTMif
>3IXIrXr3yhNmcsdkYwKf
>=HW13
>-----END PGP SIGNATURE-----
>
>_______________________________________________
>Openstack-security mailing list
>Openstack-security at lists.openstack.org
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
More information about the Openstack-security
mailing list