Improperly Implemented Security Check for Standard

CVE-2017-5936

High

7.5/10

Summary

OpenStack Nova-LXD before 13.1.1 and 13.3.0 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-358 - Improperly Implemented Security Check for Standard

The software does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

References

Advisory
Mail Thread
Advisory
Issue

Advisory Timeline

Published Apr 12, 2017

Improperly Implemented Security Check for Standard

CVE-2017-5936

Summary

CWE-358 - Improperly Implemented Security Check for Standard

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS