CVE-2014-0056

EUVD-2022-2893
The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.1 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:S/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
Affected Products (NVD)
VendorProductVersion
openstackneutron
2012.2
openstackneutron
2012.2.1
openstackneutron
2012.2.2
openstackneutron
2012.2.3
openstackneutron
2012.2.4
openstackneutron
2013.1
openstackneutron
2013.1.1
openstackneutron
2013.1.2
openstackneutron
2013.1.3
openstackneutron
2013.1.4
openstackneutron
2013.1.5
openstackneutron
2013.2
openstackneutron
2013.2.1
openstackneutron
2013.2.2
canonicalubuntu_linux
13.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
neutron
bookworm
2:21.0.0-7
fixed
bullseye
2:17.2.1-0+deb11u1
fixed
bullseye (security)
2:17.2.1-0+deb11u1
fixed
sid
2:25.0.0-1
fixed
trixie
2:25.0.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
neutron
lucid
dne
precise
dne
quantal
dne
saucy
Fixed 1:2013.2.3-0ubuntu1.1
released
trusty
dne
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2014-0516.html
http://www.openwall.com/lists/oss-security/2014/03/27/5
http://www.ubuntu.com/usn/USN-2194-1
https://bugs.launchpad.net/neutron/+bug/1243327
http://rhn.redhat.com/errata/RHSA-2014-0516.html
http://www.openwall.com/lists/oss-security/2014/03/27/5
http://www.ubuntu.com/usn/USN-2194-1
https://bugs.launchpad.net/neutron/+bug/1243327