I can confirm that cross tenant metadata leaks are possible. The exploit requires that the instance_id be obtained or that a valid UUID is randomly guessed correctly. This will need to be fixed in Grizzly stable and the Havana RC and we've got a team to discuss and work on a fix.
I can confirm that cross tenant metadata leaks are possible. The exploit requires that the instance_id be obtained or that a valid UUID is randomly guessed correctly. This will need to be fixed in Grizzly stable and the Havana RC and we've got a team to discuss and work on a fix.