diff --git a/manila/db/sqlalchemy/api.py b/manila/db/sqlalchemy/api.py
index 2da3922062..3a5e8d1653 100644
--- a/manila/db/sqlalchemy/api.py
+++ b/manila/db/sqlalchemy/api.py
@@ -3275,7 +3275,8 @@ def _security_service_get_query(context, session=None):
 def _network_get_query(context, session=None):
 if session is None:
 session = get_session()
- return (model_query(context, models.ShareNetwork, session=session).
+ return (model_query(context, models.ShareNetwork, session=session,
+ project_only=True).
 options(joinedload('share_instances'),
 joinedload('security_services'),
 joinedload('share_servers')))
diff --git a/manila/tests/db/sqlalchemy/test_api.py b/manila/tests/db/sqlalchemy/test_api.py
index 530242dff9..e6e7a1b517 100644
--- a/manila/tests/db/sqlalchemy/test_api.py
+++ b/manila/tests/db/sqlalchemy/test_api.py
@@ -1915,7 +1915,7 @@ class ShareNetworkDatabaseAPITestCase(BaseDatabaseAPITestCase):
 share_nw_dict2['project_id'] = 'fake project 2'
 result1 = db_api.share_network_create(self.fake_context,
 self.share_nw_dict)
- result2 = db_api.share_network_create(self.fake_context,
+ result2 = db_api.share_network_create(self.fake_context.elevated(),
 share_nw_dict2)
 self._check_fields(expected=self.share_nw_dict, actual=result1)
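Review bot: `_network_get_query` now passes `project_only=True` to `model_query` without a comment saying why, and since this helper sits under every share-network read path the reason belongs next to it; add `# Scope the query to the caller's project unless the context is elevated; see bug 1861485 (CVE-2020-9543).` above the `return`. How the non-admin filter behaves when the context carries no project_id is decided inside `model_query`, which is outside the hunk, so that case is worth checking against any service-context callers of this helper. The sibling `_security_service_get_query` named in the hunk header is also outside the hunk, so whether it needs the same scoping cannot be judged from here.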
@@ -1948,6 +1948,33 @@ class ShareNetworkDatabaseAPITestCase(BaseDatabaseAPITestCase):
 self.assertEqual(0, len(result['share_instances']))
 self.assertEqual(0, len(result['security_services']))
+ def _create_share_network_for_project(self, project_id):
+ ctx = context.RequestContext(user_id='fake user',
+ project_id=project_id,
+ is_admin=False)
+
+ share_data = self.share_nw_dict.copy()
+ share_data['project_id'] = project_id
+
+ db_api.share_network_create(ctx, share_data)
+ return share_data
+
+ def test_get_other_tenant_as_admin(self):
+ expected = self._create_share_network_for_project('fake project 2')
+ result = db_api.share_network_get(self.fake_context.elevated(),
+ self.share_nw_dict['id'])
+
+ self._check_fields(expected=expected, actual=result)
+ self.assertEqual(0, len(result['share_instances']))
+ self.assertEqual(0, len(result['security_services']))
+
+ def test_get_other_tenant(self):
+ self._create_share_network_for_project('fake project 2')
+ self.assertRaises(exception.ShareNetworkNotFound,
+ db_api.share_network_get,
+ self.fake_context,
+ self.share_nw_dict['id'])
+
 @ddt.data([{'id': 'fake share id1'}],
 [{'id': 'fake share id1'}, {'id': 'fake share id2'}],)
 def test_get_with_shares(self, shares):
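Review bot: The new helper `_create_share_network_for_project` has no docstring, and it returns the input dict rather than the created row, which a reader of `test_get_other_tenant_as_admin` needs to know because `expected` is compared field by field against the fetched result; add `"""Create a share network owned by project_id as a non-admin user of that project; returns the dict used for creation, not the DB row."""`. Both new tests look the network up by `self.share_nw_dict['id']`, which only works because the helper copies `self.share_nw_dict` and changes just the project — a comment such as `# same id as self.share_nw_dict; only project_id differs` at the `copy()` line makes that dependency explicit. The helper also reuses `user_id='fake user'`, so the isolation being tested is by project with `is_admin=False`, not by user; worth stating in the docstring so nobody later "fixes" the user id.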
@@ -2043,25 +2070,30 @@ class ShareNetworkDatabaseAPITestCase(BaseDatabaseAPITestCase):
 share_network_dict.update({'id': fake_id,
 'neutron_subnet_id': fake_id})
 share_networks.append(share_network_dict)
- db_api.share_network_create(self.fake_context, share_network_dict)
+ db_api.share_network_create(self.fake_context.elevated(),
+ share_network_dict)
 index += 1
- result = db_api.share_network_get_all(self.fake_context)
+ result = db_api.share_network_get_all(self.fake_context.elevated())
 self.assertEqual(len(share_networks), len(result))
 for index, net in enumerate(share_networks):
 self._check_fields(expected=net, actual=result[index])
 def test_get_all_by_project(self):
+ db_api.share_network_create(self.fake_context, self.share_nw_dict)
+
 share_nw_dict2 = dict(self.share_nw_dict)
 share_nw_dict2['id'] = 'fake share nw id2'
 share_nw_dict2['project_id'] = 'fake project 2'
 share_nw_dict2['neutron_subnet_id'] = 'fake subnet id2'
- db_api.share_network_create(self.fake_context, self.share_nw_dict)
- db_api.share_network_create(self.fake_context, share_nw_dict2)
+ new_context = context.RequestContext(user_id='fake user 2',
+ project_id='fake project 2',
+ is_admin=False)
+ db_api.share_network_create(new_context, share_nw_dict2)
 result = db_api.share_network_get_all_by_project(
- self.fake_context,
+ self.fake_context.elevated(),
 share_nw_dict2['project_id'])
 self.assertEqual(1, len(result))
diff --git a/releasenotes/notes/bug-1861485-fix-share-network-retrieval-31768dcda5aeeaaa.yaml b/releasenotes/notes/bug-1861485-fix-share-network-retrieval-31768dcda5aeeaaa.yaml
new file mode 100644
index 0000000000..ca9abae7d2
--- /dev/null
+++ b/releasenotes/notes/bug-1861485-fix-share-network-retrieval-31768dcda5aeeaaa.yaml
@@ -0,0 +1,7 @@
+---
+security:
+ - |
+ CVE-2020-9543: An issue with share network retrieval has been addressed
+ in the API by scoping unprivileged access to project only. Please see
+ `launchpad bug #1861485 `_ for more details.
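Review bot: `test_get_all` and `test_get_all_by_project` now run the listing calls under `self.fake_context.elevated()`, so after this change no test asserts what an unprivileged caller gets back from the list paths, which is the behaviour the fix exists to pin down. In `test_get_all_by_project`, after the existing `self.assertEqual(1, len(result))`, add the negative case `result = db_api.share_network_get_all_by_project(self.fake_context, share_nw_dict2['project_id'])` followed by `self.assertEqual(0, len(result))`, on the assumption that `self.fake_context` belongs to a project other than 'fake project 2' (its setup is outside the hunk). A matching non-admin `db_api.share_network_get_all(self.fake_context)` assertion expecting only the caller's own network would close the same gap for the other list path. The loop that `test_get_all`'s first lines belong to starts outside the hunk.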