Comment 8 for bug 1862050

Jeremy Stanley (fungi) wrote :

It seems like we've got reasonable consensus that this is expected behavior and have public documentation (at least in the Security Guide as linked above, but likely also elsewhere), indicating that OpenStack API servers on the whole do not make any attempt to mitigate excessively rapid calls to expensive methods and so should be protected by a separate filtering or throttling mechanism if they're deployed in an environment where they're at risk of being overloaded.

I'll switch this public, treating as a class C1 report. If you or someone else feels this scenario should be covered by a CVE then feel free to request one from MITRE or another CNA, but please add it in a follow-up comment on this bug if you do, so that we won't end up with multiple CVE assignments floating around for the same scenario. Thanks!