Lucene search
CVE-2013-6419
Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, allowing remote tenants to obtain sensitive metadata
Show more
| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
 | (RHSA-2014:0091) Moderate: openstack-neutron security, bug fix, and enhancement update | 22 Jan 201400:00 | – | redhat |
| (RHSA-2014:0231) Moderate: openstack-nova security and bug fix update | 4 Mar 201400:00 | – | redhat |
 | Design/Logic Flaw | 7 Jan 201418:55 | – | prion |
 | Information Disclosure | 15 Jan 201908:57 | – | veracode |
| Privilege Escalation | 2 May 201904:57 | – | veracode |
| Infomation Disclosure | 2 May 201904:57 | – | veracode |
| Denial Of Service (DoS) | 2 May 201904:57 | – | veracode |
 | OpenStack Nova Router metadata queries are not restricted by tenant | 17 May 202204:50 | – | github |
 | CVE-2013-6419 | 7 Jan 201418:55 | – | nvd |
 | RHSA-2014:0091 Red Hat Security Advisory: openstack-neutron security, bug fix, and enhancement update | 15 Sep 202421:18 | – | osv |
10
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| instance_id | path | /api/metadata/handler.py | OpenStack Nova exposes an endpoint that allows tenants to access sensitive metadata related to other tenants' instances by spoofing instance IDs. | CWE-200 |
| instance_id | path | /agent/metadata/agent.py | OpenStack Neutron metadata agent allows access to sensitive tenant information despite insufficient validation of instance IDs. | CWE-200 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo07 Jan 2014 18:55Current
6.2Medium risk
Vulners AI Score6.2
CVSS25
EPSS0.00455