Based on discussion between members of the VMT and others in the OpenStack Security SIG during the 2023.1 PTG, it appears that any fixes will depend on non-backportable default behavior or configuration changes. An OSSN might be warranted, but we wouldn't likely issue a security advisory about this, class B1 in our report taxonomy: https://security.openstack.org/vmt-process.html#report-taxonomy