Alex-Gaynor

**Name of the Vulnerable Software and Affected Versions** OpenStack Compute (Nova) versions prior to 2013.2.4 OpenStack Compute (Nova) versions 2014.x prior to 2014.1.2 OpenStack Compute (Nova) Juno versions prior to Juno-2 **Description** The issue makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests. This occurs when proxying metadata requests through Neutron. **Recommendations** For versions prior to 2013.2.4, update to version 2013.2.4 or later. For versions 2014.x prior to 2014.1.2, update to version 2014.1.2 or later. For Juno versions prior to Juno-2, update to Juno-2 or later.