OpenStack Security Advisory

Overview
Code
Bugs
Blueprints
Translations
Answers

Bug #1813007
Comment #50

Comment 50 for bug 1813007

Revision history for this message

Gage Hugo (gagehugo) wrote on 2019-04-04: Re: [SRU] Unable to install new flows on compute nodes when having broken security group rules

#50

Updated impact statement draft. If any of this information is incorrect, please feel free to correct and I will revise.

Title: Overlapping security group rules prevents compute node network configuration
Reporter: Diko Parvanov (Canonical)
Products: Neutron
Affects: >=11.0.0 <11.0.7, >=12.0.0 <12.0.6, >=13.0.0 <13.0.3

Description: Diko Parvanov (Canonical) reported a vulnerability in neutron-openvswitch-agent security group rules. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent neutron from being able to configure networks on any compute nodes where those security groups are present. All neutron deployments utilizing neutron-openvswitch-agent are affected.