[Openstack-security] [Bug 1464219] Re: [api] there are no checks of request tenant_id during abandoning of an environment

Lei Zhang lei.a.zhang at intel.com
Mon Jul 20 15:58:12 UTC 2015

Previous message (by thread): [Openstack-security] [Bug 1464219] Re: [api] there are no checks of request tenant_id during abandoning of an environment
Next message (by thread): [Openstack-security] [Bug 1464219] Re: [api] there are no checks of request tenant_id during abandoning of an environment
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

** Changed in: murano
     Assignee: (unassigned) => Lei Zhang (lei-a-zhang)

-- 
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1464219

Title:
  [api] there are no checks of request tenant_id during abandoning of an
  environment

Status in murano:
  Confirmed

Bug description:
  Looks like the code currently does not check, that a given env belongs
  to current requests tenant.

  Therefore it might be possible for users from different tenants to
  delete/deploy environments.

To manage notifications about this bug go to:
https://bugs.launchpad.net/murano/+bug/1464219/+subscriptions

Previous message (by thread): [Openstack-security] [Bug 1464219] Re: [api] there are no checks of request tenant_id during abandoning of an environment
Next message (by thread): [Openstack-security] [Bug 1464219] Re: [api] there are no checks of request tenant_id during abandoning of an environment
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Openstack-security mailing list