[Bug 1422046] Re: cinder backup-list is always listing all tenants's bug for admin
Yves-Gwenael Bourhis
yves-gwenael.bourhis at cloudwatt.com
Mon Nov 9 19:32:12 UTC 2015
Indeed, I agree that there is no risk for a "malicious actor" to use this flow.
However there is a confirmed risk that an openstack admin can accidentally delete backups which he should not delete (and it DID happen, sadly...), when the admin is asked to launch scripts (ospurge) used to delete resources of customers who want to remove all their data...
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to python-cinderclient in Ubuntu.
https://bugs.launchpad.net/bugs/1422046
Title:
cinder backup-list is always listing all tenants's bug for admin
Status in OpenStack Dashboard (Horizon):
New
Status in ospurge:
Fix Committed
Status in OpenStack Security Advisory:
Incomplete
Status in python-cinderclient:
Fix Released
Status in python-cinderclient package in Ubuntu:
Confirmed
Bug description:
cinder backup-list doesn't support '--all-tenants' argument for admin
wright now. This lead to admin always getting all tenants's backups.
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1422046/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list