Comment 2 for bug 1824442

Goutham Pacha Ravi (gouthamr) wrote :

The two privileged fields are "network_type" and "segmentation_id". These fields are protected by neutron policy [1] and they default to keystone user role with 'rule:admin_only'. I am unsure if this information can be used to exploit OpenStack services or users' data.

A user who has been denied access to this information by the cloud administrator (by virtue of policy) can use the share networks API to designate a neutron network as a manila share network, and gather the hidden details of the neutron share network; thereby working around the security cover of the Neutron API.

[1] https://opendev.org/openstack/neutron/src/commit/05d93684fb44de3d869d23a65c5c18f6af54ee2f/neutron/conf/policies/network.py#L78-L95
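The mitigation the comment points at (apply the same admin-only check that neutron applies before re-exposing the two fields through a second API) can be illustrated with a small response filter. This is an added example and not manila or neutron code; it assumes a dict-shaped request context with `roles` and `is_admin`, an in-memory rule table standing in for oslo.policy, and a constructed share-network view with invented values.

```python
"""Hypothetical response filter for share-network views (added example, not
manila or neutron code). It models the situation described in the comment: the
neutron fields ``network_type`` and ``segmentation_id`` default to
``rule:admin_only`` in neutron policy, so a service that re-exposes them should
apply the same check before returning them to a non-admin caller.

Assumptions (not from the bug report): the request context is a plain dict with
a ``roles`` list and an ``is_admin`` flag, and policy rules are looked up in a
small in-memory table instead of oslo.policy.
"""
from copy import deepcopy

# Fields that neutron protects with 'rule:admin_only' by default (from the
# policy file linked in the comment). Mapping field -> rule name.
PRIVILEGED_FIELDS = {
    "network_type": "rule:admin_only",
    "segmentation_id": "rule:admin_only",
}

# Minimal rule table standing in for oslo.policy (assumption).
RULES = {
    "rule:admin_only": lambda ctx: bool(ctx.get("is_admin"))
    or "admin" in ctx.get("roles", []),
}


def check_rule(rule_name, ctx):
    """Evaluate a named rule against the request context; unknown rules deny."""
    rule = RULES.get(rule_name)
    return bool(rule and rule(ctx))


def filter_share_network(view, ctx):
    """Return a copy of the share-network view with every privileged field
    removed unless the caller satisfies that field's rule, plus the sorted
    list of redacted field names so the caller can log it for audit."""
    filtered = deepcopy(view)
    redacted = []
    for field, rule_name in PRIVILEGED_FIELDS.items():
        if field in filtered and not check_rule(rule_name, ctx):
            del filtered[field]
            redacted.append(field)
    return filtered, sorted(redacted)


# Constructed sample: what a share-network view might carry after looking up
# the neutron network a user attached to it (all values invented).
SAMPLE_VIEW = {
    "id": "sn-0001",
    "neutron_net_id": "net-0001",
    "neutron_subnet_id": "subnet-0001",
    "network_type": "vlan",
    "segmentation_id": 1001,
    "cidr": "10.0.0.0/24",
}

if __name__ == "__main__":
    member_ctx = {"roles": ["member"], "is_admin": False}
    admin_ctx = {"roles": ["admin"], "is_admin": True}
    print(filter_share_network(SAMPLE_VIEW, member_ctx))
    print(filter_share_network(SAMPLE_VIEW, admin_ctx))
```

The filter returns the redacted field names alongside the view so a deployment can log each redaction; a spike of redactions on share-network reads by a single non-admin project is the kind of signal a defender would want when checking whether this bypass is being probed.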