neutron/releasenotes/notes/metadata-proxy-header-vulnerability-60c44eb7c76d560c.yaml
Brian Haley 5af046fd4e Remove extra header fields in proxied metadata requests
If a user specifies a header in their request for metadata,
it could override what the proxy would have inserted on their
behalf. Make sure to remove any headers we don't want, and
override something that might be present in the request.
If the agent somehow gets a request with both headers it will
silently drop it.

Change-Id: Id6c103b7bcebe441c27c6049d349d84ba7fd15a6
Closes-bug: #1865036
2020-03-02 11:20:25 -05:00

---
security:
  - |
    A change was made to the metadata proxy to not allow a user to override
    header values, it will now always insert the correct information and
    remove unnecessary fields before sending requests to the metadata agent.
    For more information, see bug
    `1865036 <https://bugs.launchpad.net/neutron/+bug/1865036>`_.
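
A minimal model of the behaviour this note and commit message describe, added here as an illustration and not Neutron's own code: the proxy removes every client-supplied copy of the headers it owns before inserting its own values, and the agent refuses a request that still carries both ID headers. The header names, function names and sample request are assumptions; the page does not list them.

```python
# Header names are assumptions for this sketch; the page does not list them.
NETWORK_HDR = "X-Neutron-Network-ID"
ROUTER_HDR = "X-Neutron-Router-ID"
FORWARDED_HDR = "X-Forwarded-For"
PROXY_OWNED = {h.lower() for h in (NETWORK_HDR, ROUTER_HDR, FORWARDED_HDR)}

# Constructed request: the client supplies its own copies of the proxy's
# headers, in mixed case (HTTP header names are case-insensitive).
SAMPLE_REQUEST = [
    ("Host", "169.254.169.254"),
    ("x-forwarded-for", "10.0.0.99"),
    ("X-Neutron-Router-ID", "router-chosen-by-client"),
    ("X-NEUTRON-NETWORK-ID", "net-chosen-by-client"),
]


def sanitize_for_agent(client_headers, client_ip, network_id=None, router_id=None):
    """Proxy side: drop client copies of proxy-owned headers, then set ours."""
    if (network_id is None) == (router_id is None):
        raise ValueError("bind the proxy to exactly one of network or router")
    # Remove first, so a client value can never sit beside or replace ours.
    out = [(k, v) for k, v in client_headers if k.lower() not in PROXY_OWNED]
    out.append((FORWARDED_HDR, client_ip))
    if network_id is not None:
        out.append((NETWORK_HDR, network_id))
    else:
        out.append((ROUTER_HDR, router_id))
    return out


def agent_accepts(headers):
    """Agent side: drop anything not carrying exactly one ID and one source IP."""
    names = [k.lower() for k, _ in headers]
    ids = names.count(NETWORK_HDR.lower()) + names.count(ROUTER_HDR.lower())
    return ids == 1 and names.count(FORWARDED_HDR.lower()) == 1


if __name__ == "__main__":
    cleaned = sanitize_for_agent(SAMPLE_REQUEST, "10.0.0.5", network_id="net-a")
    print(cleaned, agent_accepts(cleaned), agent_accepts(SAMPLE_REQUEST))
```

Headers are kept as a list of pairs rather than a dict so that duplicate names, which a dict would silently collapse, stay visible to both checks.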