CVE-2019-10876

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-10876
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10876.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-10876
Aliases
Related
Published
2019-04-05T05:29:03Z
Modified
2024-10-11T10:38:40Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those security groups are present, because of an Open vSwitch (OVS) firewall KeyError. All Neutron deployments utilizing neutron-openvswitch-agent are affected.

References

Affected packages

Debian:11 / neutron

Package

Name
neutron
Purl
pkg:deb/debian/neutron?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:13.0.2-15

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / neutron

Package

Name
neutron
Purl
pkg:deb/debian/neutron?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:13.0.2-15

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / neutron

Package

Name
neutron
Purl
pkg:deb/debian/neutron?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:13.0.2-15

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/openstack/neutron

Affected ranges

Type
GIT
Repo
https://github.com/openstack/neutron
Events