Since this report concerns a possible security risk, an incomplete security advisory task has been added while the core security reviewers for the affected project or projects confirm the bug and discuss the scope of any vulnerability along with potential solutions.
Project security liaison and original reporter have been subscribed.
While this is an issue in a dependency (qemu), it's not clear whether OpenStack is really missing a restriction on the qemu-img process...
However, depending on what a malicious user can effectively do with this issue, we may want to consider this OSSA worthy. Thoughts?