Comment 2 for bug 1735554

I agree with Adam, this is not a current security bug. This is likely a Class B3 or Class D [1] and can be made public. The feature that is impacted is at best experimental / not fully implemented as Adam said.
I would like to have another core-sec weigh in though.

[1] https://security.openstack.org/vmt-process.html#incident-report-taxonomy