—
PYSEC-2026-851
OpenStack Neutron Improper Authentication vulnerability
상세
The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
참고
- https://nvd.nist.gov/vuln/detail/CVE-2014-0056 [ADVISORY]
- https://access.redhat.com/errata/RHSA-2014:0516 [WEB]
- https://access.redhat.com/security/cve/CVE-2014-0056 [WEB]
- https://bugs.launchpad.net/neutron/+bug/1243327 [WEB]
- https://bugzilla.redhat.com/show_bug.cgi?id=1063141 [WEB]
- https://opendev.org/openstack/neutron [PACKAGE]
- http://rhn.redhat.com/errata/RHSA-2014-0516.html [WEB]
- http://www.openwall.com/lists/oss-security/2014/03/27/5 [WEB]
- http://www.ubuntu.com/usn/USN-2194-1 [WEB]
- https://pypi.org/project/neutron [PACKAGE]
- https://github.com/advisories/GHSA-72p9-6gc7-q93r [ADVISORY]