1. I tested it in ocata version, i did configure it myself, though. I checked the source in newest version and it seems that vulnerable part of source code wasn't changed.
2. No, my testing stand allowed me to detach root disk from trove instance and to attach it to nova instance. This way i was able to read the credentials
But still, i think it's better to fix that, because it can be used as a post-exploitation technique, when attacker somehow can read mq credentials by exploiting vulnerable DB or invalid configured custom DB image.
1. I tested it in ocata version, i did configure it myself, though. I checked the source in newest version and it seems that vulnerable part of source code wasn't changed.
2. No, my testing stand allowed me to detach root disk from trove instance and to attach it to nova instance. This way i was able to read the credentials
But still, i think it's better to fix that, because it can be used as a post-exploitation technique, when attacker somehow can read mq credentials by exploiting vulnerable DB or invalid configured custom DB image.