[Openstack] Security Breach! Tenant A is seeing the VNC Consoles of Tenant B!
Martinx - ジェームズ
thiagocmartinsc at gmail.com
Fri Dec 27 06:03:34 UTC 2013
Tenant A user isn't an admin account (he isn't a member of admin Project).
On 24 December 2013 13:55, Jeremy Stanley <fungi at yuggoth.org> wrote:
> On 2013-12-22 15:37:02 -0200 (-0200), Martinx - ジェームズ wrote:
> [...]
> > This is a very serious problem, since I'm giving to the "Tenant
> > A", almost total access to "Tenant B" Instances!! This kind of
> > situation should NEVER occur!
> >
> > What can I do to completely block this?
> [...]
>
> Is it possible the user for Tenant A is an admin account? Remember,
> admins are global administrators regardless of what tenant they
> might be associated with.
> --
> Jeremy Stanley
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20131227/7744c76f/attachment.html>
More information about the Openstack
mailing list