PYSEC-2019-190

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/neutron/PYSEC-2019-190.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2019-190
Aliases
Published
2019-03-13T02:29:00Z
Modified
2024-04-10T19:11:26.152121Z
Summary
[none]
Details

An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, VRRP), an authenticated user may block further application of security group rules for instances from any project/tenant on the compute hosts to which it's applied. (Only deployments using the iptables security group driver are affected.)

References

Affected packages

PyPI / neutron

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12.0.0
Fixed
12.0.6
Introduced
13.0.0
Fixed
13.0.3
Introduced
11.0.0
Fixed
11.0.7
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.0.8

Affected versions

0.*

0.0

10.*

10.0.5
10.0.6
10.0.7

11.*

11.0.3
11.0.4
11.0.5
11.0.6

12.*

12.0.0
12.0.1
12.0.2
12.0.3
12.0.4
12.0.5

13.*

13.0.0
13.0.1
13.0.2