
OpenStack Compute (Nova) Exposure of Sensitive Information to an Unauthorized Actor vulnerability

Moderate severity GitHub Reviewed Published May 14, 2022 to the GitHub Advisory Database • Updated Feb 13, 2023

Package

nova (pip)

Affected versions

< 2013.2.4
>= 2014.0.0, < 2014.1.2

Patched versions

2013.2.4
2014.1.2

Description

api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests.
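The timing difference described above comes from comparing the expected and supplied signature with an early-exit comparison. The following is an added example, not Nova's code: it assumes the signature is a hex HMAC-SHA256 of the instance ID under a secret shared with the proxy, and all names and values in it are hypothetical or constructed. It contrasts an early-exit comparison, whose work depends on the matching prefix, with a constant-time check.

```python
import hashlib
import hmac
from typing import Tuple

# Constructed values for illustration only; not taken from the advisory.
SHARED_SECRET = b"constructed-proxy-shared-secret"
INSTANCE_ID = "11111111-2222-3333-4444-555555555555"


def sign_instance_id(secret: bytes, instance_id: str) -> str:
    """Assumed signature scheme: hex HMAC-SHA256 of the instance ID."""
    return hmac.new(secret, instance_id.encode(), hashlib.sha256).hexdigest()


def early_exit_compare(expected: str, provided: str) -> Tuple[bool, int]:
    """Model of an ordinary string comparison.

    Returns the result and the number of character comparisons performed.
    That count grows with the length of the matching prefix, which is the
    data-dependent work a response-time measurement can expose.
    """
    if len(expected) != len(provided):
        return False, 0
    steps = 0
    for a, b in zip(expected, provided):
        steps += 1
        if a != b:
            return False, steps
    return True, steps


def verify_signature(secret: bytes, instance_id: str, provided: str) -> bool:
    """Hardened check: constant-time comparison of the two signatures.

    Both sides are encoded to bytes so a non-ASCII header value is rejected
    instead of raising TypeError inside hmac.compare_digest.
    """
    expected = sign_instance_id(secret, instance_id)
    return hmac.compare_digest(expected.encode(), provided.encode())


if __name__ == "__main__":
    good = sign_instance_id(SHARED_SECRET, INSTANCE_ID)
    wrong_last = good[:-1] + ("0" if good[-1] != "0" else "1")
    print("early-exit, wrong last char:", early_exit_compare(good, wrong_last))
    print("constant-time, wrong last char:",
          verify_signature(SHARED_SECRET, INSTANCE_ID, wrong_last))
```
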

References

Published by the National Vulnerability Database Aug 7, 2014
Published to the GitHub Advisory Database May 14, 2022
Reviewed Feb 8, 2023
Last updated Feb 13, 2023

Severity

Moderate

EPSS score

0.308%
(71st percentile)

Weaknesses

CVE ID

CVE-2014-3517

GHSA ID

GHSA-xjmj-p278-4jp5