Comment 16 for bug 1654598

Hi,

Completely cognizant of the fact that my update will re-trigger communication on this three year old bug report. I was recently added to this core-sec group, and Jeremy pointed out that this bug needs some resolution.

I agree with previous findings by Ben Swartzlander, Tom Barron and Rodrigo Barbieri that it is going to be really hard to exploit this vulnerability and do harm. If an attacker is able to grab export locations via UUID, they'd still need to gain access for their specific clients (by IP/user/cert/cephx rules) to be able to mount the share and do any real damage.

Tom: I'm inclined to switch this bug report to public - are you able to refresh your patches and submit them?