Comment 4 for bug 1235450
Revision history for this message
| Mark McClain (markmcclain) wrote Re: Metadata is unsecure | #4 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
67d34a1
(Get the code!)
I can confirm that cross tenant metadata leaks are possible. The exploit requires that the instance_id be obtained or that a valid UUID is randomly guessed correctly. This will need to be fixed in Grizzly stable and the Havana RC and we've got a team to discuss and work on a fix.