cinder backup-list is always listing all tenants's bug for admin in V1 api
Bug #1514396 reported by
Cyril Feraudet
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Security Advisory |
Won't Fix
|
Undecided
|
Unassigned | ||
ospurge |
Invalid
|
Undecided
|
Unassigned | ||
python-cinderclient |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
https:/
This is a security issue cause it leads to deleting all production backups when logged as admin
information type: | Private Security → Public Security |
Changed in ospurge: | |
status: | New → Confirmed |
Changed in python-cinderclient: | |
status: | New → Confirmed |
information type: | Public Security → Public |
tags: | added: security |
To post a comment you must log in.
Since this report concerns a possible security risk, an incomplete security advisory task has been added while the core security reviewers for the affected project or projects confirm the bug and discuss the scope of any vulnerability along with potential solutions.