Openstack · Openstack Neutron · CVE-2014-0056
**Name of the Vulnerable Software and Affected Versions**
OpenStack Neutron versions 2012.2 through 2013.2.2
**Description**
The issue allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command, due to the l3-agent not checking the tenant id when creating ports.
**Recommendations**
For OpenStack Neutron versions 2012.2 through 2013.2.2, update to version 2013.2.3 or later to resolve the issue.