CVE-2017-7543 – neutron

Package

Manager: pip
Name: neutron
Vulnerable Version: >=0 <7.2.0-12.1 || >=8.0.0 <8.3.0-11.1 || >=9.0.0 <9.3.1-2.1 || >=10.0.0 <10.0.2-1.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00441 pctl0.62361

Details

OpenStack Neutron Race Condition vulnerability A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources.

Metadata

Created: 2022-05-13T01:07:31Z
Modified: 2023-02-08T18:10:02Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hvxr-2fvv-c3wq/GHSA-hvxr-2fvv-c3wq.json
CWE IDs: ["CWE-362"]
Alternative ID: GHSA-hvxr-2fvv-c3wq
Finding: F124
Auto approve: 1