Comment 2 for bug 2048106

Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security
reviewers for the affected project or projects confirm the bug and
discuss the scope of any vulnerability along with potential
solutions.

My initial impression is that this seems very similar to bug 1842749 which was fixed in public, not under embargo, and which the VMT treated as a hardening opportunity, class D in our report taxonomy: https://security.openstack.org/vmt-process.html#report-taxonomy