Traffic Inspection Vulnerability in OpenStack Neutron by OpenStack
CVE-2018-14636
Key Information:
- Vendor
- The Openstack Project
- Status
- Openstack-neutron
- Vendor
- CVE Published:
- 10 September 2018
Summary
The vulnerability is linked to improper isolation during the live migration of instances within OpenStack Neutron. When live-migrated, instances can momentarily access the network traffic of other instances on the same hypervisor, potentially exposing sensitive data. This situation arises if the instance's port is administratively set to a down state before migration and remains so afterwards. The Open vSwitch integration bridge remains connected throughout the migration process, delaying the application of necessary VLAN filters until after migration. As a result, instances may gain visibility into the traffic of other instances, highlighting a significant risk in multi-tenant environments.
Affected Version(s)
openstack-neutron 13.0.0.0b2
openstack-neutron 12.0.3
openstack-neutron 11.0.5
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved