CVE-2013-6419

Nova: Metadata queries from Neutron to Nova are not restricted by tenant

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and (2) the neutron-metadata-agent (agent/metadata/agent.py) in Neutron.

Error de interacción en OpenStack Nova y Neutron anteriores a Havana 2013.2.1 e icehouse-1 no valida el ID de la instancia del inquilino haciendo una petición, lo cual permite a inquilinos remotos obtener metadatos sensibles falseando el ID del dispositivo ligado a un puerto, lo cual no es manejado adecuadamente por (1) api/metadata/handler.py en Nova y (2) el neutron-metadata-agent (agent/metadata/agent.py) en Neutron.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-11-04 CVE Reserved
2014-01-07 CVE Published
2023-08-20 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (9)

URL	Tag	Source
http://www.securityfocus.com/bid/64250	Vdb Entry
https://bugs.launchpad.net/neutron/+bug/1235450	X_refsource_confirm
https://review.openstack.org/#/c/61428/2/nova/api/metadata/handler.py	X_refsource_misc
https://review.openstack.org/#/c/61439/1/neutron/agent/metadata/agent.py	X_refsource_misc

URL	Date	SRC

URL	Date	SRC
http://www.openwall.com/lists/oss-security/2013/12/11/8	2014-03-08

URL	Date	SRC
http://rhn.redhat.com/errata/RHSA-2014-0091.html	2014-03-08
http://rhn.redhat.com/errata/RHSA-2014-0231.html	2014-03-08
https://access.redhat.com/security/cve/CVE-2013-6419	2014-03-04
https://bugzilla.redhat.com/show_bug.cgi?id=1039148	2014-03-04

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openstack Search vendor "Openstack"		Havana Search vendor "Openstack" for product "Havana"				<= havana-1 Search vendor "Openstack" for product "Havana" and version " <= havana-1"		-		Affected