45 lines
1.1 KiB
YAML
45 lines
1.1 KiB
YAML
date: 2019-04-08
|
|
|
|
id: OSSA-2019-002
|
|
|
|
title: Overlapping security group rules prevents compute node network configuration
|
|
|
|
description: >
|
|
Diko Parvanov (Canonical) reported a vulnerability in
|
|
neutron-openvswitch-agent security group rules. By creating
|
|
two security groups with separate/overlapping port ranges, an
|
|
authenticated user may prevent neutron from being able to configure
|
|
networks on any compute nodes where those security groups are
|
|
present. All neutron deployments utilizing
|
|
neutron-openvswitch-agent are affected.
|
|
|
|
|
|
affected-products:
|
|
- product: neutron
|
|
version: '>=11.0.0 <11.0.7, >=12.0.0 <12.0.6, >=13.0.0 <13.0.3'
|
|
|
|
vulnerabilities:
|
|
- cve-id: CVE-2019-10876
|
|
|
|
reporters:
|
|
- name: Diko Parvanov
|
|
affiliation: Canonical
|
|
reported:
|
|
- CVE-2019-10876
|
|
|
|
issues:
|
|
links:
|
|
- https://launchpad.net/bugs/1813007
|
|
|
|
reviews:
|
|
pike:
|
|
- https://review.openstack.org/648102
|
|
queens:
|
|
- https://review.openstack.org/648004
|
|
rocky:
|
|
- https://review.openstack.org/648003
|
|
stein:
|
|
- https://review.openstack.org/648002
|
|
train:
|
|
- https://review.openstack.org/640252
|