It is not apparent to me who is waiting on what right now.
Gorka, could you help me better understand what is required for an attacker to exploit this? I made a rough guess at CVSS score: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* Could this be executed remotely?
* What is the level of complexity to exploit?
* Could an attacker exploit this multiple times and eventually gain control of all images within the OpenStack deployment?
* Attacker would need at least a basic user account right?
Fungi, what are your thoughts on security classification? Possibly A or B1? Is it too early to pick a disclosure date?
It is not apparent to me who is waiting on what right now.
Gorka, could you help me better understand what is required for an attacker to exploit this? I made a rough guess at CVSS score: https:/ /www.first. org/cvss/ calculator/ 3.1#CVSS: 3.1/AV: L/AC:L/ PR:L/UI: N/S:U/C: H/I:H/A: H
* Could this be executed remotely?
* What is the level of complexity to exploit?
* Could an attacker exploit this multiple times and eventually gain control of all images within the OpenStack deployment?
* Attacker would need at least a basic user account right?
Fungi, what are your thoughts on security classification? Possibly A or B1? Is it too early to pick a disclosure date?