Comment 2 for bug 1524675

Jeremy Stanley (fungi) wrote:

Since this report concerns a possible security risk, an incomplete security advisory task has been added while the core security reviewers for the affected project or projects confirm the bug and discuss the scope of any vulnerability along with potential solutions.

Note that information disclosure only in "DEBUG" level logging (class B3 in our taxonomy at https://security.openstack.org/vmt-process.html#incident-report-taxonomy ) is treated as a security hardening opportunity by the OpenStack Vulnerability Management Team, not an exploitable vulnerability, and as such does not generally result in publication of an official advisory nor any request for CVE assignment.

There is also the open question of whether this is a vulnerability in the core of Neutron or within one of the advanced services projects (VMT coverage for the latter has yet to be discussed).