OpenStack Neutron L3 Agent Port Creation Vulnerability
CVE-2014-0056
Currently unrated
Summary
The l3-agent component in OpenStack Neutron versions prior to 2013.2.3 is susceptible to an improper access control vulnerability. It fails to validate the tenant ID during port creation. This oversight permits remote authenticated users to manipulate ports, allowing them to connect to routers belonging to other tenants by using a device ID in the port creation command. Such behavior can lead to serious network segmentation issues and unauthorized access to tenant resources, significantly compromising the overall security posture of affected environments.
References
Timeline
Vulnerability published
Vulnerability Reserved