Comment 47 for bug 1235450

Revised impact description (thanks Aaron and Grant!)
--
Title: Router metadata queries are not restricted by tenant
Reporter: Aaron Rosen (VMware)
Products: Neutron, Nova
Affects: All supported releases

Description:
Aaron Rosen from VMware reported a vulnerability in the metadata access from OpenStack Neutron to Nova. Because of a missing authorization check on port binding, by guessing the instance_id of a tenant's router another tenant may retrieve its metadata resulting in information disclosure. Only OpenStack setups running neturon-metadata-agent or quantum-metadata-agent are affected.