The two privileged fields are "network_type" and "segmentation_id". These fields are protected by neutron policy [1] and they default to keystone user role with 'rule:admin_only'. I am unsure if this information can be used to exploit OpenStack services or users' data.
A user who has been denied access to this information by the cloud administrator (by virtue of policy) can use the share networks API to designate a neutron network as a manila share network, and gather the hidden details of the neutron share network; thereby working around the security cover of the Neutron API.
[1] https://opendev.org/openstack/neutron/src/commit/05d93684fb44de3d869d23a65c5c18f6af54ee2f/neutron/conf/policies/network.py#L78-L95
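
One way to close the gap described above, as an added example (not Manila or Neutron code): the service that stores a copy of the network details filters its own responses by the same admin-only rules, and an audit helper flags responses that do not. The policy table, function names and sample record are constructed for illustration.

```python
# Added example. Every name here is hypothetical; the policy table and the
# share network record are constructed sample data, not real service output.

# Constructed per-attribute policy table: two attributes are admin-only.
POLICY = {
    "get_network": "rule:admin_or_owner",
    "get_network:network_type": "rule:admin_only",
    "get_network:segmentation_id": "rule:admin_only",
}

# Constructed record as a second service might store it after copying
# network details from the networking service.
SHARE_NETWORK = {
    "id": "sn-constructed-1",
    "name": "demo",
    "neutron_net_id": "net-constructed-1",
    "network_type": "vxlan",
    "segmentation_id": 1001,
}


def admin_only_fields(policy, action="get_network"):
    """Return the attribute names that the policy restricts to admins."""
    prefix = action + ":"
    return {
        name[len(prefix):]
        for name, rule in policy.items()
        if name.startswith(prefix) and rule == "rule:admin_only"
    }


def is_admin(context):
    """True when the request context carries the admin role."""
    return "admin" in context.get("roles", ())


def share_network_view(record, context, policy=POLICY):
    """Build the response body, dropping admin-only fields for non-admins."""
    if is_admin(context):
        return dict(record)
    hidden = admin_only_fields(policy)
    return {k: v for k, v in record.items() if k not in hidden}


def leaked_fields(response, context, policy=POLICY):
    """Audit helper: admin-only fields present in a non-admin's response."""
    if is_admin(context):
        return set()
    return {f for f in admin_only_fields(policy) if response.get(f) is not None}
```

Running `leaked_fields` over recorded non-admin responses in a regression test catches the case where a new response field bypasses the view.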