exploitDog

CVE-2024-53916

Published: 25 Nov 2024
Source: debian
EPSS: Low

Description

In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change (add and clear) tags on network objects that do not belong to the tenant, and this action is not subjected to the proper policy authorization check. This affects 23 before 23.2.1, 24 before 24.0.2, and 25 before 25.0.1.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| neutron | fixed | 2:25.0.0-2 | | package |
| neutron | not-affected | | bookworm | package |
| neutron | not-affected | | bullseye | package |

Notes

  • https://review.opendev.org/c/openstack/neutron/+/935883

  • Introduced in https://opendev.org/openstack/neutron/commit/f9b91289a5c2948429e69e1b58098cec846fba99

  • https://www.openwall.com/lists/oss-security/2024/12/03/1

EPSS

Percentile: 49%
0.00257
Low

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 1 year ago

In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change (add and clear) tags on network objects that do not belong to the tenant, and this action is not subjected to the proper policy authorization check. This affects 23 before 23.2.1, 24 before 24.0.2, and 25 before 25.0.1.

CVSS3: 5.3
redhat
about 1 year ago

In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change (add and clear) tags on network objects that do not belong to the tenant, and this action is not subjected to the proper policy authorization check. This affects 23 before 23.2.1, 24 before 24.0.2, and 25 before 25.0.1.

CVSS3: 7.5
nvd
about 1 year ago

In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change (add and clear) tags on network objects that do not belong to the tenant, and this action is not subjected to the proper policy authorization check. This affects 23 before 23.2.1, 24 before 24.0.2, and 25 before 25.0.1.

CVSS3: 7.5
github
about 1 year ago

OpenStack Neutron can use an incorrect ID during policy enforcement
