OpenStack Neutron L3 Agent Port Creation Vulnerability
CVE-2014-0056

Currently unrated

Key Information:

Vendor
Openstack
Status
Vendor
CVE Published:
8 May 2014

Summary

The l3-agent component in OpenStack Neutron versions prior to 2013.2.3 is susceptible to an improper access control vulnerability. It fails to validate the tenant ID during port creation. This oversight permits remote authenticated users to manipulate ports, allowing them to connect to routers belonging to other tenants by using a device ID in the port creation command. Such behavior can lead to serious network segmentation issues and unauthorized access to tenant resources, significantly compromising the overall security posture of affected environments.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.