Comment 7 for bug 1638312

No CVE has been assigned, and in fact it seems only Amazon Linux was vulnerable, because Ubuntu and others were using an API version for instance metadata that did not include IAM instance credentials.