Interaction Error in OpenStack Nova and Neutron Affects Tenant Metadata Access
CVE-2013-6419

Currently unrated

Key Information:

Vendor: Openstack
Status: Havana
Vendor: CVE Published:; 7 January 2014

Summary

An interaction error in OpenStack Nova and Neutron allows remote tenants to gain unauthorized access to sensitive metadata. Specifically, the error arises from the lack of validation on the instance ID of the tenant making requests. This vulnerability enables attackers to spoof a device ID associated with a port, bypassing security measures in both Nova and Neutron's metadata handling scripts. As a result, unauthorized metadata access can lead to further exploitation of resources within the OpenStack environment.

References

http://www.securityfocus.com/bid/64250

vdb-entryx_refsource_BID

https://review.openstack.org/#/c/61428/2/nova/api/metadat...

x_refsource_MISC

http://rhn.redhat.com/errata/RHSA-2014-0091.html

vendor-advisoryx_refsource_REDHAT

Timeline

Vulnerability published
Jan 7, 2014
Vulnerability Reserved
Nov 4, 2013