Incorrect ID usage in policy enforcement in OpenStack Neutron through 25.0.0
CVE-2024-53916

7.5HIGH

Key Information:

Vendor: OpenStack
Status: Neutron
Vendor: CVE Published:; 25 November 2024

What is CVE-2024-53916?

A vulnerability exists in OpenStack Neutron versions prior to 25.0.1, where the system allows unprivileged tenants to alter network object tags without appropriate authorization checks. This issue arises from the incorrect application of policy enforcement in the neutron/extensions/tagging.py file, enabling potential misuse of network tagging features. The affected versions include Neutron 23.0.0 through 23.2.0, 24.0.0 to 24.0.1, and 25.0.0.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://review.opendev.org/c/openstack/neutron/+/935883

https://review.opendev.org/q/project:openstack/neutron

https://github.com/openstack/neutron/blob/363ffa6e9e1ab59...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 25, 2024

JSON

OpenStack

What is CVE-2024-53916?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.