I don't have any objections to changing this to public, we can wait for another core to vote as well.
The reason I say this is because in order for an attacker to carry this out easily they must know the network ID of the victim, which is only available with admin credentials.
I was able to reproduce this and have a fix, needed to use del-header and set-header, but I now see the correct instance ID in the metadata request forwarded to nova.
I don't have any objections to changing this to public, we can wait for another core to vote as well.
The reason I say this is because in order for an attacker to carry this out easily they must know the network ID of the victim, which is only available with admin credentials.
I was able to reproduce this and have a fix, needed to use del-header and set-header, but I now see the correct instance ID in the metadata request forwarded to nova.