Comment 11 for bug 1872733
Revision history for this message
| Jeremy Stanley (fungi) wrote Re: Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID | #11 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
Since exploiting this depends on the attacker obtaining a UUID to which they should not normally have access, the VMT would typically consider this a class C1 report:
https:/
As such, it shouldn't warrant the overhead of an embargo process and would be fine finishing in public instead. Does anyone disagree with that assessment?