Information disclosure in Openstack Nova

CVE-2014-3517

api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via…

Vulnerability class: Information Disclosure

EPSS: 0.004 (61.0th percentile) — read the EPSS interpretation.

Affected products

Openstack Nova — versions 2014.2.0
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

[oss-security] 20140717 [OSSA 2014-024] Use of non-constant time comparison operation (CVE-2014-3517) (mailing-list, x_refsource_MLIST, Patch, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)