Lucene search
Ubuntu.comUB:CVE-2014-0071HistoryApr 17, 2014 - 12:00 a.m.
CVE-2014-0071
2014-04-1700:00:00
ubuntu.com
ubuntu.com
10
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
EPSS
0.003
Percentile
65.3%
PackStack in Red Hat OpenStack 4.0 does not enforce the default security
groups when deployed to Neutron, which allows remote attackers to bypass
intended access restrictions and make unauthorized connections.
Bugs
- <https://bugs.launchpad.net/devstack/+bug/1252620>
- <https://bugs.launchpad.net/nova/+bug/1112912>
- <https://bugzilla.redhat.com/show_bug.cgi?id=1064163>
Notes
| Author | Note |
|---|---|
| mdeslaur | CVE is actually assigned to packstack, not sure if the neutron patch is actually a vulnerability fix. |
| jdstrand | per upstream, only Icehouse is affected |
Related
prion
prion
Design/Logic Flaw
2014-04-17 14:55:00
cvelist
cvelist
CVE-2014-0071
2014-04-17 14:00:00
debiancve
debiancve
CVE-2014-0071
2014-04-17 14:55:06
nvd
nvd
CVE-2014-0071
2014-04-17 14:55:06
redhat
redhat
(RHSA-2014:0233) Important: openstack-packstack security and bug fix update
2014-03-04 00:00:00
cve
cve
CVE-2014-0071
2014-04-17 14:55:06
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
EPSS
0.003
Percentile
65.3%
Related for UB:CVE-2014-0071