Comment 2 for bug 1674191

Since this report concerns a possible security risk, an incomplete security advisory task has been added while the core security reviewers for the affected project or projects confirm the bug and discuss the scope of any vulnerability along with potential solutions.

This seems like a known behavior already documented in the security guide: https://docs.openstack.org/security-guide/object-storage.html#first-thing-to-secure-the-network . Issues around management network are usually triaged as class C1 according to VMT's taxonomy ( https://security.openstack.org/vmt-process.html#incident-report-taxonomy ).