CVE-2014-3517

Published: Aug 7, 2014Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests.

Affected (3)

Products: Openstack: Nova

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Openstack Nova	From 2013.2 to 2013.2.4
Openstack Nova	From 2014.1 to 2014.1.2
Openstack Nova	Version 2014.2.0 milestone1

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://www.openwall.com/lists/oss-security/2014/07/17/2

Source: secalert@redhat.com

PatchThird Party Advisory

https://bugs.launchpad.net/nova/+bug/1325128

Source: secalert@redhat.com

Third Party Advisory

http://www.openwall.com/lists/oss-security/2014/07/17/2

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://bugs.launchpad.net/nova/+bug/1325128

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.