Lucene search

K
cve[email protected]CVE-2014-0056
HistoryMay 08, 2014 - 2:29 p.m.

CVE-2014-0056

2014-05-0814:29:00
CWE-287
web.nvd.nist.gov
30
cve-2014-0056
openstack neutron
unauthorized access
remote authenticated users
security vulnerability

6.1 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

52.9%

The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command.

6.1 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

52.9%

Related for CVE-2014-0056