tripleo-heat-templates is vulnerable to spoofing of metadata requests. When it is deployed from the command-line interface, the NeutronMetadataProxySharedSecret parameter has an insecure default: a blank value. If no value is set for this parameter, Neutron does not prevent spoofing, which allows attackers to spoof OpenStack Networking metadata requests.
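A deployed node can be checked for the blank secret described above. This is an added example, not code from the advisory or from tripleo-heat-templates. It assumes the parameter is rendered as the standard `metadata_proxy_shared_secret` option in Neutron's `metadata_agent.ini` (`[DEFAULT]`) and in the `[neutron]` section of `nova.conf`; the file contents below are constructed samples.

```python
import configparser

OPTION = "metadata_proxy_shared_secret"

# Constructed sample file contents; on a real node, read the actual files.
AGENT_BLANK = "[DEFAULT]\nmetadata_proxy_shared_secret =\n"
AGENT_SET = "[DEFAULT]\nmetadata_proxy_shared_secret = constructed-secret-1\n"
NOVA_SET = ("[neutron]\nservice_metadata_proxy = True\n"
            "metadata_proxy_shared_secret = constructed-secret-1\n")
NOVA_OTHER = "[neutron]\nmetadata_proxy_shared_secret = constructed-secret-2\n"


def read_secret(text, section):
    """Return the shared secret from INI text, or '' if blank or absent."""
    # interpolation=None: secrets may contain '%'; strict=False: tolerate
    # duplicate options, which oslo-style config files sometimes carry.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    value = cp.get(section, OPTION, fallback="") or ""
    return value.strip().strip("'\"")


def audit(agent_ini, nova_conf):
    """Return a list of findings; an empty list means the check passed."""
    findings = []
    agent = read_secret(agent_ini, "DEFAULT")
    nova = read_secret(nova_conf, "neutron")
    if not agent:
        findings.append("metadata_agent.ini: %s is blank or missing" % OPTION)
    if not nova:
        findings.append("nova.conf [neutron]: %s is blank or missing" % OPTION)
    if agent and nova and agent != nova:
        findings.append("secret differs between metadata_agent.ini and nova.conf")
    return findings


if __name__ == "__main__":
    for name, agent, nova in [("blank default", AGENT_BLANK, NOVA_SET),
                              ("secret set", AGENT_SET, NOVA_SET),
                              ("mismatch", AGENT_SET, NOVA_OTHER)]:
        print(name, "->", audit(agent, nova) or "OK")
```
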
access.redhat.com/documentation/en/red-hat-enterprise-linux-openstack-platform/version-7/release-notes
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1231885
bugzilla.redhat.com/show_bug.cgi?id=1241434
bugzilla.redhat.com/show_bug.cgi?id=1245737
bugzilla.redhat.com/show_bug.cgi?id=1252083
bugzilla.redhat.com/show_bug.cgi?id=1259084
bugzilla.redhat.com/show_bug.cgi?id=1260776
bugzilla.redhat.com/show_bug.cgi?id=1261863
bugzilla.redhat.com/show_bug.cgi?id=1262425
bugzilla.redhat.com/show_bug.cgi?id=1265714
bugzilla.redhat.com/show_bug.cgi?id=1266910
bugzilla.redhat.com/show_bug.cgi?id=1267558
bugzilla.redhat.com/show_bug.cgi?id=1267855
bugzilla.redhat.com/show_bug.cgi?id=1268415
bugzilla.redhat.com/show_bug.cgi?id=1271692
bugzilla.redhat.com/show_bug.cgi?id=1272347
bugzilla.redhat.com/show_bug.cgi?id=1272357
bugzilla.redhat.com/show_bug.cgi?id=1275324
bugzilla.redhat.com/show_bug.cgi?id=1275812
bugzilla.redhat.com/show_bug.cgi?id=1281460
bugzilla.redhat.com/show_bug.cgi?id=1284914
bugzilla.redhat.com/show_bug.cgi?id=1285079
bugzilla.redhat.com/show_bug.cgi?id=1285363
bugzilla.redhat.com/show_bug.cgi?id=1285485
bugzilla.redhat.com/show_bug.cgi?id=1287624
bugzilla.redhat.com/show_bug.cgi?id=1290582
bugzilla.redhat.com/show_bug.cgi?id=1290796
rhn.redhat.com/errata/RHSA-2015-2650.html