Discussed in IRC[0] - conclusion is this is a Valid bug but there is no
reasonable attack vector (the data could be used in determining whom to
attempt to gain access to, but does not provide any means of direct
attack). The data is *NOT* intended to be public but is not really
explicitly private/p
I concur with the class C1 suggestion here. Generally OpenStack's VMT
has considered any theoretical vulnerability which depends on direct
brute-forcing or guessing the UUID space as impractical, but still
possibly a security hardening opportunity.
** Information type changed from Public Security
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.
** Also affects: ossa
Import
3 matches
Mail list logo