Lucene search

K
seebugRootSSV:61130
HistoryDec 16, 2013 - 12:00 a.m.

OpenStack Neutron/Nova信息泄漏漏洞

2013-12-1600:00:00
Root
www.seebug.org
18

0.004 Low

EPSS

Percentile

73.8%

Bugtraq ID:64250
CVE ID:CVE-2013-6419

OpenStack Neutron提供一套标准化流程以创建网络、向其中接入网络设备并添加可通过API加以管理的其它网络组件。OpenStack Nova提供虚拟计算服务。

OpenStack Neutron/Nova对端口绑定缺少授权,通过猜测instance_id,租户可获取到其他租户的元数据数据,导致敏感信息泄漏。
0
OpenStack Neutron/Nova
厂商补丁:

OpenStack

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

Icehouse (development branch) fix:
https://review.openstack.org/61439 (neutron)
https://review.openstack.org/61428 (nova)
Havana fix:
https://review.openstack.org/61442 (neutron)
https://review.openstack.org/61435 (nova)
Grizzly fix:
https://review.openstack.org/61443 (neutron)
https://review.openstack.org/61437 (nova)

0.004 Low

EPSS

Percentile

73.8%