The CVSS user gide gives a relevant example of scope change. See item 1 of section 3.5 on https://www.first.org/cvss/v3.1/user-guide. So in this case attackers might gain access to another user's images, they do not get influence over more components of openstack (for example keystone or glance).
Dan, OK I agree with you on network exploitable.
The CVSS user gide gives a relevant example of scope change. See item 1 of section 3.5 on https:/ /www.first. org/cvss/ v3.1/user- guide. So in this case attackers might gain access to another user's images, they do not get influence over more components of openstack (for example keystone or glance).
Given this I'm leaning towards a score of 8.8 https:/ /www.first. org/cvss/ calculator/ 3.1#CVSS: 3.1/AV: N/AC:L/ PR:L/UI: N/S:U/C: H/I:H/A: H