Comment 42 for bug 1235450
Revision history for this message
| Jeremy Stanley (fungi) wrote Re: Metadata is unsecure | #42 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
Proposed impact description
--
Title: Router metadata queries are not restricted by tenant
Reporter: Aaron Rosen (VMware)
Products: Neutron
Affects: All supported releases
Description:
Aaron Rosen from VMware reported a vulnerability in OpenStack Neutron. By guessing the instance_id or UUID of a tenant's router, another tenant may retrieve its metadata resulting in potential information disclosure. Only OpenStack setups running Neutron are affected.
--
I can't help but feel this is a little light on details. Anyone have any improvements to suggest before I request a CVE?