Whether we should embargo or not this bug depends, as often, on whether we consider a valid attack scenario the fact that an attacker can obtain (or guess) another tenant's UUID. While the latter is not practical, the former seem to be a valid scenario.
Whether we should embargo or not this bug depends, as often, on whether we consider a valid attack scenario the fact that an attacker can obtain (or guess) another tenant's UUID. While the latter is not practical, the former seem to be a valid scenario.