[Openstack-security] [Bug 1464219] [NEW] [api] there are no checks of request tenant_id in delete/deploy of environment

Kirill Zaitsev kzaitsev at mirantis.com
Thu Jun 11 11:06:20 UTC 2015


Public bug reported:

Looks like the code currently does not check that a given env belongs
to the current request's tenant.

Therefore it might be possible for users from different tenants to
delete/deploy environments.

** Affects: murano
     Importance: Undecided
         Status: New


** Tags: api kilo-backport-potential security

https://bugs.launchpad.net/bugs/1464219
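
The missing check described in the report, as an added example that is not Murano's code: a handler that acts on any environment id, next to handlers that first compare the environment's owning tenant with the tenant of the authenticated request. All names here (`ENVIRONMENTS`, `RequestContext`, `verify_env_owner`, the handler functions) are hypothetical and the data is constructed.

```python
import functools


class Forbidden(Exception):
    """Environment exists but belongs to another tenant."""


class NotFound(Exception):
    """No environment with that id."""


# Constructed sample data: environment id -> record with its owning tenant.
ENVIRONMENTS = {
    "env-a": {"tenant_id": "tenant-1", "state": "ready"},
    "env-b": {"tenant_id": "tenant-2", "state": "ready"},
}


class RequestContext:
    """Hypothetical stand-in for the authenticated request context."""
    def __init__(self, tenant_id):
        self.tenant_id = tenant_id


def verify_env_owner(handler):
    """Run the handler only if the environment belongs to the caller's tenant."""
    @functools.wraps(handler)
    def wrapper(context, environment_id, *args, **kwargs):
        env = ENVIRONMENTS.get(environment_id)
        if env is None:
            raise NotFound(environment_id)
        # The tenant comes from the authenticated context, never from the URL or body.
        if env["tenant_id"] != context.tenant_id:
            raise Forbidden(environment_id)
        return handler(context, environment_id, *args, **kwargs)
    return wrapper


def delete_unchecked(context, environment_id):
    """The reported pattern: the id alone selects the environment."""
    return ENVIRONMENTS.pop(environment_id)


@verify_env_owner
def delete(context, environment_id):
    return ENVIRONMENTS.pop(environment_id)


@verify_env_owner
def deploy(context, environment_id):
    ENVIRONMENTS[environment_id]["state"] = "deploying"
    return ENVIRONMENTS[environment_id]["state"]
```

Putting the check in one decorator keeps delete and deploy from drifting apart, and a regression test that calls each handler with another tenant's environment id covers the case in the report.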
