yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1422046] Re: cinder backup-list is always listing all tenants's bug for admin

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Jeremy Stanley <fungi@xxxxxxxxxxx>
Date: Tue, 10 Nov 2015 14:40:16 -0000
Reply-to: Bug 1422046 <1422046@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Correct, we consider that latter case a "security hardening opportunity"
and I'm triaging this report as one now (class D in our taxonomy
https://security.openstack.org/vmt-process.html#incident-report-taxonomy
). Depending on severity and available time from editors in the Security
Team, these sorts of issues sometimes get an OpenStack Security Note
published (OSSN rather than OSSA).

** Changed in: ossa
       Status: Incomplete => Won't Fix

** Information type changed from Public Security to Public

** Tags added: security

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1422046

Title:
  cinder backup-list is always listing all tenants's bug for admin

Status in OpenStack Dashboard (Horizon):
  New
Status in ospurge:
  Fix Committed
Status in OpenStack Security Advisory:
  Won't Fix
Status in python-cinderclient:
  Fix Released
Status in python-cinderclient package in Ubuntu:
  Confirmed

Bug description:
  cinder backup-list doesn't support '--all-tenants' argument for admin
  wright now. This lead to admin always getting all tenants's backups.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1422046/+subscriptions