Comment 35 for bug 1779205
Revision history for this message
| Lance Bragstad (lbragstad) wrote Re: GET /v3/OS-FEDERATION/projects leaks project information | #35 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
I would adjust the description in comment #30 by removing the term "federated":
"By doing GET /v3/OS-
an actor may discover projects they have no authority to access,
leaking all projects in the deployment and their attributes."
to
"Calling GET /v3/OS-
projects they have no authority to access, leaking all projects
in the deployment and their attributes."