OpenStack Security Advisory

Overview
Code
Bugs
Blueprints
Translations
Answers

Bug #1256983
Comment #23

Comment 23 for bug 1256983

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-12-14: Fix merged to heat (stable/havana)

#23

Reviewed: https://review.openstack.org/61456
Committed: https://git.openstack.org/cgit/openstack/heat/commit/?id=22f4fdafc0ac5cf86bd3b87faace5175fb8dc2c2
Submitter: Jenkins
Branch: stable/havana

commit 22f4fdafc0ac5cf86bd3b87faace5175fb8dc2c2
Author: Steven Hardy <email address hidden>
Date: Mon Dec 2 23:59:19 2013 +0000

Deny API requests where context doesn't match path

    We shouldn't overwrite the context tenant_id (which comes from the
    scope of the auth_token) with that from the path, instead raise a
    HTTPForbidden exception if the path-provided tenant_id doesn't match
    the context.

Change-Id: Ib6fb9881103312f7492081a20178f12309f35d81
Closes-Bug: #1256983