One tenant's admin user can modify other tenant's user’s quota info
Bug #1245350 reported by ling-yun
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Cinder | Invalid | Undecided | Unassigned |
OpenStack Compute (nova) | Invalid | Undecided | Unassigned |
OpenStack Security Advisory | Invalid | Undecided | Unassigned |
Bug Description
1. Create tenant A and userA, and make userA an admin.
2. Create tenant B and userA, and make userB an admin.
3. userA logs in to the OpenStack system and creates quota info “volumes:11111”.
4. userB logs in to the OpenStack system and updates userA’s quota info from “volumes:11111” to “volumes:111”.
5. For detailed test operation info, see this link: http://
affects: cinder → nova
Changed in nova:
status: Confirmed → Invalid
Changed in cinder:
status: Confirmed → Invalid
importance: High → Undecided
Changed in nova:
importance: High → Undecided
Changed in ossa:
status: Incomplete → Invalid
information type: Private Security → Public
tags: added: security
John, can you confirm this vulnerability?