CVE-2013-6419

Openstack Havana < havana-1 - Information Disclosure

Title source: rule

Description

Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and (2) the neutron-metadata-agent (agent/metadata/agent.py) in Neutron.

References (7)

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2014-0091.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2014-0231.html

[Patch] http://www.openwall.com/lists/oss-security/2013/12/11/8

[Issue Tracking] https://bugs.launchpad.net/neutron/+bug/1235450

[Various Sources] https://review.openstack.org/#/c/61428/2/nova/api/metadata/handler.py

[Various Sources] https://review.openstack.org/#/c/61439/1/neutron/agent/metadata/agent.py

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/64250

Scores

EPSS 0.0056

EPSS Percentile 68.0%

Classification

CWE

CWE-200

Status draft

Affected Products (2)

openstack/havana < havana-1

pypi/nova < 12.0.0a0PyPI

Timeline

Published Jan 07, 2014

Tracked Since Feb 18, 2026