I've now read through this entire report and it's still unclear to me why you suspect this indicates an exploitable security vulnerability in Cinder. I'm switching the bug type back to a normal "Public" state, but if you do have some reason for the OpenStack VMT to triage it as report of a suspected security vulnerability please provide a clear explanation in a comment so we can better classify this. Thanks!
I've now read through this entire report and it's still unclear to me why you suspect this indicates an exploitable security vulnerability in Cinder. I'm switching the bug type back to a normal "Public" state, but if you do have some reason for the OpenStack VMT to triage it as report of a suspected security vulnerability please provide a clear explanation in a comment so we can better classify this. Thanks!