Comment 19 for bug 1931558

Anyone can obtain a CVE assignment directly from MITRE using their request form. The process recommended by the VMT is outlined here: https://security.openstack.org/vmt-process.html#send-cve-request

Since this report is not under any embargo, I wouldn't bother supplying an encryption key for their response.