CVE-2014-0056

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2014-0056

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2014-0056.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2014-0056

Aliases

GHSA-72p9-6gc7-q93r

Related

Published

2014-05-08T14:29:12Z

Modified

2024-09-18T01:00:20Z

Summary

[none]

Details

The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command.

References

Affected packages

Debian:11 / neutron

Package

Name: neutron
Purl: pkg:deb/debian/neutron?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2013.2.2-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / neutron

Package

Name: neutron
Purl: pkg:deb/debian/neutron?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2013.2.2-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / neutron

Package

Name: neutron
Purl: pkg:deb/debian/neutron?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2013.2.2-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}