24 lines
1.2 KiB
YAML
24 lines
1.2 KiB
YAML
---
|
|
critical:
|
|
- |
|
|
[`bug 1855080 <https://bugs.launchpad.net/keystone/+bug/1855080>`_]
|
|
An error in the policy target filtering inadvertently allowed any user to
|
|
list any credential object with the /v3/credentials API when
|
|
``[oslo_policy]/enforce_scope`` was set to false, which is the default.
|
|
This has been addressed: users with non-admin roles on a project may not
|
|
list other users' credentials. However, users with the admin role on a
|
|
project may still list any users credentials when
|
|
``[oslo_policy]/enforce_scope`` is false due to `bug 968696
|
|
<https://bugs.launchpad.net/keystone/+bug/968696>`_.
|
|
security:
|
|
- |
|
|
[`bug 1855080 <https://bugs.launchpad.net/keystone/+bug/1855080>`_]
|
|
An error in the policy target filtering inadvertently allowed any user to
|
|
list any credential object with the /v3/credentials API when
|
|
``[oslo_policy]/enforce_scope`` was set to false, which is the default.
|
|
This has been addressed: users with non-admin roles on a project may not
|
|
list other users' credentials. However, users with the admin role on a
|
|
project may still list any users credentials when
|
|
``[oslo_policy]/enforce_scope`` is false due to `bug 968696
|
|
<https://bugs.launchpad.net/keystone/+bug/968696>`_.
|