Traffic Inspection Vulnerability in OpenStack Neutron by OpenStack
CVE-2018-14636

5.3 MEDIUM

Key Information:

Vendor
The Openstack Project
Status
Openstack-neutron
Vendor
CVE Published: 10 September 2018

Summary

The vulnerability is linked to improper isolation during the live migration of instances within OpenStack Neutron. When live-migrated, instances can momentarily access the network traffic of other instances on the same hypervisor, potentially exposing sensitive data. This situation arises if the instance's port is administratively set to a down state before migration and remains so afterwards. The Open vSwitch integration bridge remains connected throughout the migration process, delaying the application of necessary VLAN filters until after migration. As a result, instances may gain visibility into the traffic of other instances, highlighting a significant risk in multi-tenant environments.

Affected Version(s)

openstack-neutron 13.0.0.0b2

openstack-neutron 12.0.3

openstack-neutron 11.0.5

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
