User: Password:
Subscribe / Log in / New account

openstack-neutron: information disclosure

Package(s):openstack-neutron CVE #(s):CVE-2013-6419
Created:January 23, 2014 Updated:January 29, 2014

From the Red Hat advisory:

It was discovered that the metadata agent in OpenStack Networking was missing an authorization check on the device ID that is bound to a specific port. A remote tenant could guess the instance ID bound to a port and retrieve metadata of another tenant, resulting in information disclosure. Note that only OpenStack Networking setups running neutron-metadata-agent were affected. (CVE-2013-6419)

Red Hat RHSA-2014:0231-01 openstack-nova 2014-03-04
Red Hat RHSA-2014:0091-01 openstack-neutron 2014-01-22

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds