CVE-2015-5249 have been assigned for the puppet miss-configuration of swift.
For the swift make_pre_auth_env issue, only user with r/w can abused it right ? It sounds like this can be fixed after the puppet-swift become public.
Before picking a disclosure date, are we sure other modules don't have a similar issue (as mentioned in comment #2) ?
CVE-2015-5249 have been assigned for the puppet miss-configuration of swift.
For the swift make_pre_auth_env issue, only user with r/w can abused it right ? It sounds like this can be fixed after the puppet-swift become public.
Before picking a disclosure date, are we sure other modules don't have a similar issue (as mentioned in comment #2) ?