Interaction Error in OpenStack Nova and Neutron Affects Tenant Metadata Access
CVE-2013-6419
Currently unrated
Summary
An interaction error in OpenStack Nova and Neutron allows remote tenants to gain unauthorized access to sensitive metadata. Specifically, the error arises from the lack of validation on the instance ID of the tenant making requests. This vulnerability enables attackers to spoof a device ID associated with a port, bypassing security measures in both Nova and Neutron's metadata handling scripts. As a result, unauthorized metadata access can lead to further exploitation of resources within the OpenStack environment.
References
Timeline
Vulnerability published
Vulnerability Reserved