api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2014/07/17/2 | Patch Third Party Advisory |
https://bugs.launchpad.net/nova/+bug/1325128 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
13 Feb 2023, 00:40
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests. |
02 Feb 2023, 20:17
Type | Values Removed | Values Added |
---|---|---|
Summary | A side-channel timing attack flaw was found in Nova. An attacker could possibly use this flaw to guess valid instance ID signatures, giving them access to details of another instance, by analyzing the response times of requests for instance metadata. This issue only affected configurations that proxy metadata requests via Neutron. | |
References |
|
Information
Published : 2014-08-07 11:13
Updated : 2023-12-10 11:31
NVD link : CVE-2014-3517
Mitre link : CVE-2014-3517
CVE.ORG link : CVE-2014-3517
JSON object : View
Products Affected
openstack
- nova
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor