OpenStack Neutron Improper Authentication vulnerability

GHSA-72p9-6gc7-q93r · CVE-2014-0056

Published May 17, 2022 · Modified Nov 8, 2023

Description

The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2014-0056
WEB https://access.redhat.com/errata/RHSA-2014:0516
WEB https://access.redhat.com/security/cve/CVE-2014-0056
WEB https://bugs.launchpad.net/neutron/+bug/1243327
WEB https://bugzilla.redhat.com/show_bug.cgi?id=1063141
PACKAGE https://opendev.org/openstack/neutron
WEB http://rhn.redhat.com/errata/RHSA-2014-0516.html
WEB http://www.openwall.com/lists/oss-security/2014/03/27/5
WEB http://www.ubuntu.com/usn/USN-2194-1

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes