shwstppr commented on issue #12523: URL: https://github.com/apache/cloudstack/issues/12523#issuecomment-3851214223
@winterhazel while in most cases ROOT admin will have access to the system as well (underlying server), but there can be cases when ROOT admin is just the CloudStack admin. In those cases, a non-hidden config can be changed by this CloudStack admin and the system can be under security risk as highlighted by the CVE for which this setting was introduced. There could be better means to alter such configs, but for no,w ACS provides only the hidden configs -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
