Comment 23 for bug 1872733
Revision history for this message
| Colleen Murphy (krinkle) wrote Re: Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID | #23 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
> This potentially allows the malicious user to act as the admin on a project another user has the admin role on
... which in many cases can effectively grant the user global admin privileges.