Thierry,

Thiago hasn't responded yet on the admin/non-admin user part. Looks like that is the issue. I have pinged him to file a bug with more details, so that it will be acted upon.

Thanks,
-Sriram

On Thu, Dec 26, 2013 at 2:57 AM, Thierry Carrez <thierry at openstack.org> wrote:

> Sriram Subramanian wrote:
> > Anybody seen this? Can we follow up with him for more details?
>
> We had several people report the same type of "breach" in the past. It
> always boiled down to people misunderstanding the power of the "admin"
> users (which by default are not that much restricted by tenant boundaries).
>
> I would not be surprised if that was the case here. Especially if the
> reporter can't reproduce it on a "fresh" setup (where he would set up
> normal users).
>
> --
> Thierry Carrez (ttx)

--
Thanks,
-Sriram