PT-2014-3453 · Openstack · Openstack Neutron
Aaron Rosen
+1
·
Published
2014-04-01
·
Updated
2023-02-13
·
CVE-2014-0056
CVSS v2.0
2.1
Low
| Vector | AV:N/AC:H/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
OpenStack Neutron versions 2012.2 through 2013.2.2
Description
The issue allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command, due to the l3-agent not checking the tenant id when creating ports.
Recommendations
For OpenStack Neutron versions 2012.2 through 2013.2.2, update to version 2013.2.3 or later to resolve the issue.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openstack Neutron