While I agree there is a non-negligible risk presented by this behavior, I don't see how a malicious actor could use this flaw to their advantage. As such, it doesn't seem like something for which the OpenStack Vulnerability Management Team would issue an official security advisory.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1422046 Title: cinder backup-list is always listing all tenants's bug for admin To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1422046/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
