CVE Vulnerabilities

CVE-2019-10876

Published: Apr 05, 2019 | Modified: Aug 04, 2021
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
7.5 MODERATE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM

An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those security groups are present, because of an Open vSwitch (OVS) firewall KeyError. All Neutron deployments utilizing neutron-openvswitch-agent are affected.

Affected Software

Name Vendor Start Version End Version
Neutron Openstack 11.0.0 (including) 11.0.7 (excluding)
Neutron Openstack 12.0.0 (including) 12.0.6 (excluding)
Neutron Openstack 13.0.0 (including) 13.0.3 (excluding)
Red Hat OpenStack Platform 13.0 (Queens) RedHat openstack-neutron-1:12.0.5-11.el7ost *
Red Hat OpenStack Platform 14.0 (Rocky) RedHat openstack-neutron-1:13.0.3-0.20190313155649.00b63be.el7ost *
Neutron Ubuntu bionic *
Neutron Ubuntu cosmic *
Neutron Ubuntu esm-infra/bionic *
Neutron Ubuntu upstream *

References