{"id":"CVE-2013-6419","details":"Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and (2) the neutron-metadata-agent (agent/metadata/agent.py) in Neutron.","aliases":["GHSA-22w9-j288-8p9w"],"modified":"2026-01-27T04:11:50.288634Z","published":"2014-01-07T18:55:06Z","withdrawn":"2026-01-27T04:11:50.288634Z","references":[{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2014-0091.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2014-0231.html"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2013/12/11/8"},{"type":"WEB","url":"http://www.securityfocus.com/bid/64250"},{"type":"WEB","url":"https://bugs.launchpad.net/neutron/+bug/1235450"},{"type":"WEB","url":"https://review.openstack.org/#/c/61428/2/nova/api/metadata/handler.py"},{"type":"WEB","url":"https://review.openstack.org/#/c/61439/1/neutron/agent/metadata/agent.py"}],"schema_version":"1.7.3"}