While I agree there is a non-negligible risk presented by this behavior, I don't see how a malicious actor could use this flaw to their advantage. As such, it doesn't seem like something for which the OpenStack Vulnerability Management Team would issue an official security advisory.
-- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-cinderclient in Ubuntu. https://bugs.launchpad.net/bugs/1422046 Title: cinder backup-list is always listing all tenants's bug for admin To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1422046/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs