Comment 49 for bug 1235450

Jeremy Stanley (fungi) wrote: Re: Metadata is unsecure

Ahh, got it. I didn't realize each tenant had only one distinct Nova instance_id and assumed that was per server (or router; a Neutron router is really just a Nova-managed server, right?). Presumably the requirement of binding the target instance_id to a port, as mentioned in the bug description, is still valid for this issue? I also get the impression that Neutron queries Nova for metadata but Nova does not query Neutron, correct? Another try...
--------

Title: Metadata queries from Neutron to Nova are not restricted by tenant
Reporter: Aaron Rosen (VMware)
Products: Neutron, Nova
Affects: All supported releases

Description:
Aaron Rosen from VMware reported a vulnerability in the metadata access from OpenStack Neutron to Nova. Because of a missing authorization check on port binding, by guessing an instance_id a tenant may retrieve another tenant's metadata, resulting in information disclosure. Only OpenStack setups running neutron-metadata-agent or quantum-metadata-agent are affected.
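As an added illustration of the gap the draft above describes (this is example code written for this page, not Neutron or Nova code and not part of the comment): a toy metadata proxy that trusts a caller-supplied instance_id, beside one that requires the instance_id to be the device bound to the port the request came from and to belong to that port's tenant. All identifiers, the `Port`/`Instance` types and the inventory data are constructed for the example.

```python
"""Toy model of the missing authorization check: a metadata proxy that only
checks the requested instance_id exists, beside one that binds it to the
requesting port.  Constructed example; not Neutron or Nova code."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Port:
    """A Neutron-style port: owned by a tenant, bound to one instance (device_id)."""
    port_id: str
    tenant_id: str
    device_id: str


@dataclass(frozen=True)
class Instance:
    """A Nova-style server together with the metadata its guest may read."""
    instance_id: str
    tenant_id: str
    metadata: dict


class Forbidden(Exception):
    """Raised when the requesting port is not entitled to the requested instance."""


# Constructed inventory: tenant A and tenant B each own one instance and one port.
INSTANCES = {
    "inst-a": Instance("inst-a", "tenant-a", {"hostname": "a-web", "secret": "a-db-password"}),
    "inst-b": Instance("inst-b", "tenant-b", {"hostname": "b-web", "secret": "b-db-password"}),
}
PORTS = {
    "port-a": Port("port-a", "tenant-a", "inst-a"),
    "port-b": Port("port-b", "tenant-b", "inst-b"),
}


def proxy_unchecked(requested_instance_id: str, source_port_id: str) -> dict:
    """Vulnerable pattern: the instance_id carried in the request is trusted.

    Only existence is checked, so a guest that guesses another tenant's
    instance_id is handed that tenant's metadata.
    """
    if source_port_id not in PORTS:
        raise Forbidden("unknown source port")
    instance = INSTANCES.get(requested_instance_id)
    if instance is None:
        raise KeyError(requested_instance_id)
    return instance.metadata


def proxy_checked(requested_instance_id: str, source_port_id: str) -> dict:
    """Hardened pattern: the instance_id must be the one bound to the source port.

    The port (identified from where the request arrived, not from anything the
    guest supplies) is the trust anchor.  The instance must be that port's
    bound device and belong to the same tenant; guessing instance_ids then
    only ever reaches the caller's own metadata.
    """
    port = PORTS.get(source_port_id)
    if port is None:
        raise Forbidden("unknown source port")
    instance = INSTANCES.get(requested_instance_id)
    if instance is None:
        raise KeyError(requested_instance_id)
    if instance.instance_id != port.device_id or instance.tenant_id != port.tenant_id:
        raise Forbidden(
            f"port {port.port_id} (tenant {port.tenant_id}) is not bound to "
            f"instance {requested_instance_id} (tenant {instance.tenant_id})"
        )
    return instance.metadata


def cross_tenant_leak(proxy) -> bool:
    """True if a request from tenant A's port can read tenant B's metadata via `proxy`."""
    try:
        leaked = proxy("inst-b", "port-a")
    except Forbidden:
        return False
    return leaked == INSTANCES["inst-b"].metadata


if __name__ == "__main__":
    print("unchecked proxy leaks across tenants:", cross_tenant_leak(proxy_unchecked))
    print("checked proxy leaks across tenants:  ", cross_tenant_leak(proxy_checked))
```

The point of the model is where the trust anchor sits: the unchecked proxy keys its lookup on a value the guest chooses, while the checked one keys it on the port the request physically arrived through and treats the guest's instance_id as a claim to be verified against that binding.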