This sounds like a classic "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')" ( https://cwe.mitre.org/data/definitions/601.html ) so probably a class A vulnerability report per https://security.openstack.org/vmt-process.html#incident-report-taxonomy if it can be cleanly patched on all affected stable branches.
This sounds like a classic "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')" ( https:/ /cwe.mitre. org/data/ definitions/ 601.html ) so probably a class A vulnerability report per https:/ /security. openstack. org/vmt- process. html#incident- report- taxonomy if it can be cleanly patched on all affected stable branches.