Interaction Error in OpenStack Nova and Neutron Affects Tenant Metadata Access
CVE-2013-6419

Currently unrated

Key Information:

Vendor
Openstack
Status
Vendor
CVE Published:
7 January 2014

Summary

An interaction error in OpenStack Nova and Neutron allows remote tenants to gain unauthorized access to sensitive metadata. Specifically, the error arises from the lack of validation on the instance ID of the tenant making requests. This vulnerability enables attackers to spoof a device ID associated with a port, bypassing security measures in both Nova and Neutron's metadata handling scripts. As a result, unauthorized metadata access can lead to further exploitation of resources within the OpenStack environment.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.