Description
OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/96182
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugs.launchpad.net/nova-lxd/+bug/1656847
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-3195-1
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://github.com/openstack/nova-lxd/commit/1b76cefb92081efa1e88cd8f330253f857028bd2
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2017/02/09/3
Scores
CVSS v3
7.5
EPSS
0.0247
EPSS Percentile
85.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
Status
published
Products (3)
canonical/ubuntu_linux
16.04
openstack/nova-lxd
< 13.1.0
pypi/nova-lxd
0 - 13.1.1PyPI
Published
Apr 12, 2017
Tracked Since
Feb 18, 2026