CVE-2013-6419 — OpenStack Nova Router metadata queries are not restricted by tenant

Description

Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and (2) the neutron-metadata-agent (agent/metadata/agent.py) in Neutron.

How to fix CVE-2013-6419

To remediate CVE-2013-6419, upgrade the affected package to a fixed version below.

Debian/neutron—upgrade to 2013.2.1-1 or later
—upgrade to 2013.2.1-1 or later
—upgrade to 12.0.0a0 or later

Is CVE-2013-6419 being exploited?

Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

from 0, < 2013.2.1-1
from 0, < 2013.2.1-1
from 0, < 12.0.0a0

References (13)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2013-6419
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2013-6419
PATCHgithub.com/openstack/nova
WEBrhn.redhat.com/errata/RHSA-2014-0091.html
WEBrhn.redhat.com