I'm inclined to classify this as a security hardening opportunity, since there are likely countless ways a server instance can hammer the metadata API and connecting networks, and the offending system can be readily identified and disabled by operators. The security impact also obviously only impacts environments which expose the metadata service, so is not a risk for those providing only configdrive.
I'm inclined to classify this as a security hardening opportunity, since there are likely countless ways a server instance can hammer the metadata API and connecting networks, and the offending system can be readily identified and disabled by operators. The security impact also obviously only impacts environments which expose the metadata service, so is not a risk for those providing only configdrive.