A couple questions while I try to draft an impact description for the CVE:
* Mark, should we credit the company you work for, in addition to your name ? If yes, which company is it ?
* Any idea which versions of OpenStack should be considered vulnerable to this ? I suspect that would be when RBAC was added to openStack API, but not sure how to be more precise than that
A couple questions while I try to draft an impact description for the CVE:
* Mark, should we credit the company you work for, in addition to your name ? If yes, which company is it ?
* Any idea which versions of OpenStack should be considered vulnerable to this ? I suspect that would be when RBAC was added to openStack API, but not sure how to be more precise than that