GitHub Advisory DatabaseGHSA-6XC7-4CX8-J3XCOpenStack Nova-LXD bypass security restrictions
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
70.8%
OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.
Affected configurations
References
www.openwall.com/lists/oss-security/2017/02/09/3
www.ubuntu.com/usn/USN-3195-1
bugs.launchpad.net/nova-lxd/+bug/1656847
github.com/advisories/GHSA-6xc7-4cx8-j3xc
github.com/openstack/nova-lxd/commit/1b76cefb92081efa1e88cd8f330253f857028bd2
nvd.nist.gov/vuln/detail/CVE-2017-5936
web.archive.org/web/20200227193915/www.securityfocus.com/bid/96182
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
70.8%