Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-14635

Опубликовано: 10 сент. 2018
Источник: nvd
CVSS3: 6.5
CVSS2: 4
EPSS Низкий

Описание

When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3 and 11.0.5 are vulnerable.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*
Версия от 11.0.0 (включая) до 11.0.5 (включая)
cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*
Версия от 12.0.0 (включая) до 12.0.3 (включая)
cpe:2.3:a:openstack:neutron:13.0.0.0:b1:*:*:*:*:*:*

EPSS

Процентиль: 53%
0.00306
Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-20
CWE-20

Связанные уязвимости

ubuntu логотип

CVE-2018-14635

CVSS3: 6.5
ubuntu
больше 7 лет назад

When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3 and 11.0.5 are vulnerable.

redhat логотип

CVE-2018-14635

CVSS3: 6.5
redhat
почти 8 лет назад

When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3 and 11.0.5 are vulnerable.

debian логотип

CVE-2018-14635

CVSS3: 6.5
debian
больше 7 лет назад

When using the Linux bridge ml2 driver, non-privileged tenants are abl ...

github логотип

GHSA-x634-34m9-96mp

CVSS3: 6.5
github
больше 3 лет назад

OpensStack Neutron Denial of Service Vulnerability

EPSS

Процентиль: 53%
0.00306
Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-20
CWE-20