Comment 3 for bug 1784871

Unfortunately a public patch was pushed by the ScaleIO team to address this bug. We had been trying to work this through e-mail with the developer but this has now been slipped out of the Private VMT process.

The overall scope of this bug is limited to the ScaleIO driver and therefore will only impact Cinder users who are using that backend. That limits the impact of this vulnerability. With that said, users who do use the ScaleIO driver could get into a situation where they could see data from other tenants.

I think we should try to get this fixed ASAP now that the patch has been made public. Will defer to the VMT as to what all needs to be done as far as a security report, etc.