Thanks David for confirming the bug on Horizon project!
Now for the OSSA part, should we keep this under embargo and does this qualify as a DOS attack vector ?
Considering there is no amplification and that one connection results in one database entry I would triage this as class D bug (according to our new taxonomy described here: https://wiki.openstack.org/wiki/Vulnerability_Management#Incident_report_taxonomy )...
Thought ?
Thanks David for confirming the bug on Horizon project!
Now for the OSSA part, should we keep this under embargo and does this qualify as a DOS attack vector ?
Considering there is no amplification and that one connection results in one database entry I would triage this as class D bug (according to our new taxonomy described here: https:/ /wiki.openstack .org/wiki/ Vulnerability_ Management# Incident_ report_ taxonomy )...
Thought ?