Can a keystone dev comment on the potential security impact of this bug? I'm trying to figure out if we need to go back and issue a security advisory for this. Would this token be successfully validated allowing a user to do stuff with the token they shouldn't have received?
Can a keystone dev comment on the potential security impact of this bug? I'm trying to figure out if we need to go back and issue a security advisory for this. Would this token be successfully validated allowing a user to do stuff with the token they shouldn't have received?