Thanks cmurphy for the quick fix, looks good and works for me locally.
With the verification here and fix, this is looking like a Class A vulnerability according to the VMT taxonomy[0]. Even with the requirement to know/guess UUIDs, this looks to be something that is exploitable by any authenticated user.
Thanks cmurphy for the quick fix, looks good and works for me locally.
With the verification here and fix, this is looking like a Class A vulnerability according to the VMT taxonomy[0]. Even with the requirement to know/guess UUIDs, this looks to be something that is exploitable by any authenticated user.
[0] https:/ /security. openstack. org/vmt- process. html#incident- report- taxonomy