Red Hat Security Advisory 2014-0091-01 - The openstack-neutron packages provide Openstack Networking, the virtual network service. It was discovered that the metadata agent in OpenStack Networking was missing an authorization check on the device ID that is bound to a specific port. A remote tenant could guess the instance ID bound to a port and retrieve metadata of another tenant, resulting in information disclosure. Note that only OpenStack Networking setups running neutron-metadata-agent were affected.
7a6024a5034a169ceae9763c64a8c54d3106efa99634fc821770cf61e9d34f55