UBUNTU-CVE-2024-53916

Source
https://ubuntu.com/security/CVE-2024-53916
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-53916.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-53916
Published
2024-11-25T00:15:00Z
Modified
2025-01-13T10:26:50Z
Summary
[none]
Details

In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change (add and clear) tags on network objects that do not belong to the tenant, and this action is not subjected to the proper policy authorization check. This affects 23 before 23.2.1, 24 before 24.0.2, and 25 before 25.0.1.

Affected packages

Ubuntu:24.10 / neutron

Package

Name
neutron
Purl
pkg:deb/ubuntu/neutron@2:25.0.0-0ubuntu1?arch=source&distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2:24.*

2:24.0.0-0ubuntu1

2:25.*

2:25.0.0~b1+git2024080716.9cbaceff-0ubuntu1
2:25.0.0~rc1-0ubuntu1
2:25.0.0-0ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / neutron

Package

Name
neutron
Purl
pkg:deb/ubuntu/neutron@2:24.0.0-0ubuntu2?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2:23.*

2:23.0.0-0ubuntu1

2:24.*

2:24.0.0~b1+git2024011914.5ce17647-0ubuntu1
2:24.0.0~rc1-0ubuntu2
2:24.0.0-0ubuntu1
2:24.0.0-0ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}