Title: Information leak in Nova private flavors
Reporter: hzrandd (NetEase)
Products: Nova
Affects: All versions
hzrandd from NetEase reported an information leak vulnerability in
Nova's handling of private flavors. Any tenant is able to show and
boot any other tenant's private flavors by guessing the flavor ID,
exposing its name, memory and disk size, swap allocation, VCPU count
and similar flavor properties.
(...obviously replacing above with whatever citation hzrandd requests)
Proposed impact description...
Title: Information leak in Nova private flavors
Reporter: hzrandd (NetEase)
Products: Nova
Affects: All versions
hzrandd from NetEase reported an information leak vulnerability in
Nova's handling of private flavors. Any tenant is able to show and
boot any other tenant's private flavors by guessing the flavor ID,
exposing its name, memory and disk size, swap allocation, VCPU count
and similar flavor properties.
(...obviously replacing above with whatever citation hzrandd requests)