OSSA-2013-033: Metadata queries from Neutron to Nova are not restricted by tenant
- Date: December 11, 2013
- CVE: CVE-2013-6419
Affects
Neutron: All supported releases
Nova: All supported releases
Description
Aaron Rosen from VMware reported a vulnerability in the metadata access from OpenStack Neutron to Nova. Because of a missing authorization check on port binding, a tenant who guesses an instance_id may retrieve another tenant’s metadata, resulting in information disclosure. Only OpenStack setups running neutron-metadata-agent are affected.
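The class of bug described above, as an added illustration that is not Neutron or Nova code: a metadata lookup keyed only by instance_id, next to a lookup that also checks tenant ownership. All names and sample data are hypothetical, and the example assumes the requester's tenant ID is established by trusted infrastructure rather than supplied by the client.

```python
"""Illustrative model only; names are hypothetical, not Neutron or Nova code."""
import logging
from dataclasses import dataclass

log = logging.getLogger("metadata_model")


class NotFound(Exception):
    """Raised for unknown instances and for instances owned by another tenant."""


@dataclass(frozen=True)
class Instance:
    tenant_id: str
    metadata: dict


# Constructed sample data: two tenants, one instance each.
INSTANCES = {
    "11111111-aaaa-4aaa-8aaa-000000000001": Instance("tenant-a", {"hostname": "a-web"}),
    "22222222-bbbb-4bbb-8bbb-000000000002": Instance("tenant-b", {"hostname": "b-db"}),
}


def get_metadata_unscoped(instance_id):
    """Pre-fix shape: the instance_id alone selects the metadata returned."""
    try:
        return INSTANCES[instance_id].metadata
    except KeyError:
        raise NotFound(instance_id) from None


def get_metadata_scoped(instance_id, requester_tenant_id):
    """Hardened shape: the instance must belong to the requesting tenant."""
    instance = INSTANCES.get(instance_id)
    if instance is None or instance.tenant_id != requester_tenant_id:
        if instance is not None:
            # Cross-tenant lookups are worth alerting on.
            log.warning("tenant %s requested metadata of foreign instance %s",
                        requester_tenant_id, instance_id)
        # Same error for "missing" and "not yours" so guesses confirm nothing.
        raise NotFound(instance_id)
    return instance.metadata
```

Returning the same error for unknown and foreign-owned instances keeps the lookup from confirming which guessed IDs exist.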
Patches
https://review.openstack.org/#/c/61443 (Grizzly)
https://review.openstack.org/#/c/61437 (Grizzly)
https://review.openstack.org/#/c/61439 (Icehouse)
https://review.openstack.org/#/c/61428 (Icehouse)
Credits
Aaron Rosen from VMware (CVE-2013-6419)