PT-2024-35973 · OpenStack · OpenStack Neutron

Tore Anderson · Published 2024-11-24 · Updated 2025-01-06 · CVE-2024-53916

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions:
OpenStack Neutron versions 23 through 23.2.0
OpenStack Neutron versions 24 through 24.0.1
OpenStack Neutron versions 25 through 25.0.0

Description: The issue affects OpenStack Neutron, where neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. As a result, the proper policy check for changing network tags is not applied, and an unprivileged tenant can change (add and clear) tags on network objects that do not belong to the tenant without being subjected to the proper policy authorization check.

Recommendations:
For OpenStack Neutron versions 23 through 23.2.0, update to version 23.2.1 or later.
For OpenStack Neutron versions 24 through 24.0.1, update to version 24.0.2 or later.
For OpenStack Neutron versions 25 through 25.0.0, update to version 25.0.1 or later.

Weakness Enumeration

Insufficient Verification of Data Authenticity
Improper Check for Exceptional Conditions

Related Identifiers

CVE-2024-53916
GHSA-F27H-G923-68HW

Affected Products

OpenStack Neutron