CVE-2015-5240

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2015-5240

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2015-5240.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2015-5240

Aliases

GHSA-hhpj-6pj7-wpx5

Related

Published

2015-10-27T16:59:06Z

Modified

2024-09-18T01:00:21Z

Summary

[none]

Details

Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group rules are applied.

References

Affected packages

Debian:11 / neutron

Package

Name: neutron
Purl: pkg:deb/debian/neutron?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:7.0.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / neutron

Package

Name: neutron
Purl: pkg:deb/debian/neutron?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:7.0.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / neutron

Package

Name: neutron
Purl: pkg:deb/debian/neutron?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:7.0.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}