Because this report only describes well-known behaviors of the software, I've switched it to public now. The OpenStack Vulnerability Management Team is not tracking this any longer since it does not seem to represent any vulnerability or hardening opportunity (hence the "invalid" advisory status), class E per our report taxonomy: https://security.openstack.org/vmt-process.html#incident-report-taxonomy