So, this is an un-expected privilege escalation through an out of scope user supplied project id. This should warrant an OSSA...
It appears to have been introduced at least in Havana, but it may be in Grizzly as well.
@Jamie Lennox: do you think this can be backported without a massive refactoring ?
So, this is an un-expected privilege escalation through an out of scope user supplied project id.
This should warrant an OSSA...
It appears to have been introduced at least in Havana, but it may be in Grizzly as well.
@Jamie Lennox: do you think this can be backported without a massive refactoring ?