Proposed impact description
--
Title: Router metadata queries are not restricted by tenant
Reporter: Aaron Rosen (VMware)
Products: Neutron
Affects: All supported releases
Description:
Aaron Rosen from VMware reported a vulnerability in OpenStack Neutron. By guessing the instance_id or UUID of a tenant's router, another tenant may retrieve its metadata, resulting in potential information disclosure. Only OpenStack setups running Neutron are affected.
--
I can't help but feel this is a little light on details. Anyone have any improvements to suggest before I request a CVE?