Add OSSA-2019-002 (CVE-2019-10876)
Depends-On: https://review.openstack.org/#/c/650930/ Change-Id: I17b766efdbd63cfc6cdfc03a94f60911dd7acc9d
This commit is contained in:
Gage Hugo
44
ossa/OSSA-2019-002.yaml
Normal file
44
ossa/OSSA-2019-002.yaml
Normal file
@@ -0,0 +1,44 @@
|
|||||||
|
date: 2019-04-08
|
||||||
|
|
||||||
|
id: OSSA-2019-002
|
||||||
|
|
||||||
|
title: Overlapping security group rules prevents compute node network configuration
|
||||||
|
|
||||||
|
description: >
|
||||||
|
Diko Parvanov (Canonical) reported a vulnerability in
|
||||||
|
neutron-openvswitch-agent security group rules. By creating
|
||||||
|
two security groups with separate/overlapping port ranges, an
|
||||||
|
authenticated user may prevent neutron from being able to configure
|
||||||
|
networks on any compute nodes where those security groups are
|
||||||
|
present. All neutron deployments utilizing
|
||||||
|
neutron-openvswitch-agent are affected.
|
||||||
|
|
||||||
|
|
||||||
|
affected-products:
|
||||||
|
- product: neutron
|
||||||
|
version: '>=11.0.0 <11.0.7, >=12.0.0 <12.0.6, >=13.0.0 <13.0.3'
|
||||||
|
|
||||||
|
vulnerabilities:
|
||||||
|
- cve-id: CVE-2019-10876
|
||||||
|
|
||||||
|
reporters:
|
||||||
|
- name: Diko Parvanov
|
||||||
|
affiliation: Canonical
|
||||||
|
reported:
|
||||||
|
- CVE-2019-10876
|
||||||
|
|
||||||
|
issues:
|
||||||
|
links:
|
||||||
|
- https://launchpad.net/bugs/1813007
|
||||||
|
|
||||||
|
reviews:
|
||||||
|
pike:
|
||||||
|
- https://review.openstack.org/648102
|
||||||
|
queens:
|
||||||
|
- https://review.openstack.org/648004
|
||||||
|
rocky:
|
||||||
|
- https://review.openstack.org/648003
|
||||||
|
stein:
|
||||||
|
- https://review.openstack.org/648002
|
||||||
|
train:
|
||||||
|
- https://review.openstack.org/640252
|
||||||
Reference in New Issue
Block a user