I've gone ahead and marked the OpenStack Security Advisory task to Won't Fix. Since swauth isn't an official OpenStack deliverable, this is probably closest to report class C2 for the OpenStack VMT (A vulnerability, but not in OpenStack supported code, e.g., in a dependency): https://security.openstack.org/vmt-process.html#incident-report-taxonomy
I've gone ahead and marked the OpenStack Security Advisory task to Won't Fix. Since swauth isn't an official OpenStack deliverable, this is probably closest to report class C2 for the OpenStack VMT (A vulnerability, but not in OpenStack supported code, e.g., in a dependency): https:/ /security. openstack. org/vmt- process. html#incident- report- taxonomy