Title: CFN policy rules not all enforced
Reporter: Steven Hardy (Red Hat)
Products: Heat
Affects: All supported releases
Description:
Steven Hardy from Red Hat reported a vulnerability in Heat's default API policy enforcement. By calling the CreateStack or UpdateStack methods, an in-instance user may be able to create or update a stack in violation of the default policy. Only setups using Heat's cloudformation-compatible API are affected.
Proposed impact description...
-----
Title: CFN policy rules not all enforced
Reporter: Steven Hardy (Red Hat)
Products: Heat
Affects: All supported releases
Description: compatible API are affected.
Steven Hardy from Red Hat reported a vulnerability in Heat's default API policy enforcement. By calling the CreateStack or UpdateStack methods, an in-instance user may be able to create or update a stack in violation of the default policy. Only setups using Heat's cloudformation-