OpenStack · Neutron · CVE-2026-50266
**Name of the Vulnerable Software and Affected Versions**
OpenStack Neutron versions prior to 28.0.1
**Description**
A project manager can create or update a port on a shared network owned by another project by setting the port's `device_owner` attribute to a value starting with "network:", such as "network:dhcp". This occurs because the default port Role-Based Access Control (RBAC) policies incorrectly include the `PROJECT_MANAGER` role without requiring network ownership. As a result, a project manager can obtain trusted network-service port behavior on shared networks, which may bypass anti-spoofing and security group protections. Consequently, this can enable DHCP, MAC, or IP spoofing against other tenants on the shared network.
**Recommendations**
Update to version 28.0.1.
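
To review existing ports for the condition described above, the following added example (not code from the advisory or from the Neutron project) flags ports on shared networks whose `device_owner` starts with "network:" and whose project differs from the network owner's. The function name and the sample records are hypothetical; the dictionary keys follow the Neutron API field names.

```python
"""Audit sketch: flag network-service ports on shared networks that are
owned by a project other than the network owner."""

SERVICE_PREFIX = "network:"  # device_owner prefix named in the advisory


def find_cross_project_service_ports(networks, ports):
    """Return (port_id, device_owner, port_project, network_owner) tuples.

    networks/ports are lists of dicts using Neutron API field names
    (id, shared, project_id, network_id, device_owner).
    """
    # Map each shared network to the project that owns it.
    shared = {n["id"]: n["project_id"] for n in networks if n.get("shared")}
    findings = []
    for port in ports:
        net_owner = shared.get(port.get("network_id"))
        if net_owner is None:
            continue  # port is not on a shared network
        owner = port.get("device_owner") or ""
        if not owner.startswith(SERVICE_PREFIX):
            continue  # not a network-service device_owner
        if port.get("project_id") == net_owner:
            continue  # created by the network's own project
        findings.append((port["id"], owner, port.get("project_id"), net_owner))
    return findings


# Constructed sample data (not real deployment output).
SAMPLE_NETWORKS = [
    {"id": "net-shared", "shared": True, "project_id": "proj-infra"},
    {"id": "net-private", "shared": False, "project_id": "proj-b"},
]
SAMPLE_PORTS = [
    {"id": "p1", "network_id": "net-shared", "project_id": "proj-infra", "device_owner": "network:dhcp"},
    {"id": "p2", "network_id": "net-shared", "project_id": "proj-b", "device_owner": "network:dhcp"},
    {"id": "p3", "network_id": "net-shared", "project_id": "proj-b", "device_owner": "compute:nova"},
    {"id": "p4", "network_id": "net-private", "project_id": "proj-b", "device_owner": "network:router_interface"},
    {"id": "p5", "network_id": "net-shared", "project_id": "proj-c", "device_owner": ""},
]

if __name__ == "__main__":
    for finding in find_cross_project_service_ports(SAMPLE_NETWORKS, SAMPLE_PORTS):
        print("review: port=%s device_owner=%s port_project=%s network_owner=%s" % finding)
```

The inputs can be built from the Networking API's network and port listings fetched with admin credentials. Treat hits as candidates for review, since some deployments may have legitimate cross-project service ports.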