CVE-2014-0071

PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
VendorProductVersion
redhatopenstack
4.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
neutron
bullseye (security)
2:17.2.1-0+deb11u1
fixed
bullseye
2:17.2.1-0+deb11u1
fixed
bookworm
2:21.0.0-7
fixed
sid
2:25.0.0-1
fixed
trixie
2:25.0.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
neutron
trusty
dne
saucy
not-affected
quantal
dne
precise
dne
lucid
dne
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2014-0233.html
http://www.securityfocus.com/bid/66001
https://bugzilla.redhat.com/show_bug.cgi?id=1064163
http://rhn.redhat.com/errata/RHSA-2014-0233.html
http://www.securityfocus.com/bid/66001
https://bugzilla.redhat.com/show_bug.cgi?id=1064163