Jeremy Stanley of the OpenStack Project reports: Aaron Rosen from VMware reported a vulnerability in the metadata access from OpenStack Neutron to Nova. Because of a missing authorization check on port binding, by guessing an instance_id a tenant may retrieve another tenant's metadata resulting in information disclosure. Only OpenStack setups running neutron-metadata-agent are affected.
Created attachment 833732 [details] cve-2013-6419-neutron-master-icehouse.patch
Created attachment 833733 [details] cve-2013-6419-neutron-stable-grizzly.patch
Created attachment 833734 [details] cve-2013-6419-neutron-stable-havana.patch
Created attachment 833735 [details] cve-2013-6419-nova-master-icehouse.patch
Created attachment 833736 [details] cve-2013-6419-nova-stable-grizzly.patch
Created attachment 833737 [details] cve-2013-6419-nova-stable-havana.patch
Acknowledgements: Red Hat would like to thank the OpenStack Project for reporting this issue. Upstream acknowledges Aaron Rosen of VMware as the original reporter.
This issue has been addressed in following products: OpenStack 4 for RHEL 6 Via RHSA-2014:0091 https://rhn.redhat.com/errata/RHSA-2014-0091.html
This issue has been addressed in following products: OpenStack 4 for RHEL 6 Via RHSA-2014:0231 https://rhn.redhat.com/errata/RHSA-2014-0231.html