CVE-2017-15114
When libvirtd is configured by OSP director tripleo-heat-templates to use TLS transport, it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured, this allows these services to connect to libvirtd which is equivalent to root access...