There's no obvious way to exploit it but history is littered with 'unexploitable vulnerabilities' that were later exploited. I'd like to see this follow the normal security process.
This is more a comment on general OpenStack security policy than on this specific issue - I believe that when a security vulnerability has been identified and verified it should be treated as a sensitive issue and fixed using the same process that's used when exploitation scenarios have been identified.
There's no obvious way to exploit it but history is littered with 'unexploitable vulnerabilities' that were later exploited. I'd like to see this follow the normal security process.
This is more a comment on general OpenStack security policy than on this specific issue - I believe that when a security vulnerability has been identified and verified it should be treated as a sensitive issue and fixed using the same process that's used when exploitation scenarios have been identified.