CVE-2013-6419

medium

Published 2022-05-17 · Modified 2026-04-29

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

5.0

Description

Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and (2) the neutron-metadata-agent (agent/metadata/agent.py) in Neutron.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Debian Security Tracker · View original ↗ · DFSG

CVE-2013-6419 NameCVE-2013-6419 DescriptionInteraction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and (2) the…

CVE-2013-6419

Name	CVE-2013-6419
Description	Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and (2) the neutron-metadata-agent (agent/metadata/agent.py) in Neutron.
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
neutron (PTS)	bullseye (security), bullseye	2:17.2.1-0+deb11u1	fixed
	bookworm	2:21.0.0-7	fixed
	trixie	2:26.0.0-9	fixed
	forky	2:27.0.1-6	fixed
	sid	2:28.0.0-6	fixed
nova (PTS)	bullseye	2:22.0.1-2+deb11u1	fixed
	bullseye (security)	2:22.4.0-1~deb11u7	fixed
	bookworm, bookworm (security)	2:26.2.2-1~deb12u4	fixed
	trixie (security), trixie	2:31.0.0-6+deb13u2	fixed
	forky, sid	2:33.0.1-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version
neutron	source	(unstable)	2013.2.1-1
nova	source	wheezy	(not affected)
nova	source	(unstable)	2013.2.1-1

Notes

[wheezy] - nova <not-affected> (Only exploitable in combination in neutron, not in Wheezy)
https://launchpad.net/bugs/1235450

Home - Debian Security - Source (Git)

Apply commands

text fix

Notes

[wheezy] - nova <not-affected> (Only exploitable in combination in neutron, not in Wheezy)https://launchpad.net/bugs/1235450

OS impact

Debian Fixed 5 releases

Version	Status	Fixed in
trixie	Fixed	`2013.2.1-1`
sid	Fixed	`2013.2.1-1`
forky	Fixed	`2013.2.1-1`
bullseye	Fixed	`2013.2.1-1`
bookworm	Fixed	`2013.2.1-1`

Package impact

Ecosystem	Package	Vulnerable	Fixed
PyPI	nova	`<12.0.0a0`	`12.0.0a0`

Application impact

Vendor	Product	Versions	Fixed
openstack	havana	`{"endIncluding":"havana-1"}`

References

CWEs

CWE-200

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.