CVE-2024-53916

A flaw was found in OpenStack Neutron. The service tagging policy engine insufficiently verifies the parent resource or the upper parent resource project ID when checking the policies against the caller project ID...

RHSA-2024:9977 Red Hat Security Advisory: RHOSP 17.1.4 (python-zipp) security update

Bulletin has no description...

RHSA-2024:9991 Red Hat Security Advisory: RHOSP 17.1.4 (openstack-tripleo-common and python-tripleoclient) security update

Bulletin has no description...

RHSA-2024:9990 Red Hat Security Advisory: RHOSP 17.1.4 (openstack-tripleo-common and python-tripleoclient) security update

Bulletin has no description...

RHSA-2024:9982 Red Hat Security Advisory: RHOSP 17.1.4 (openstack-ironic) security update

Bulletin has no description...

RHSA-2024:9978 Red Hat Security Advisory: RHOSP 17.1.4 (openstack-tripleo-heat-templates) security update

Bulletin has no description...

RHSA-2024:9989 Red Hat Security Advisory: RHOSP 17.1.4 (python-webob) security update

Bulletin has no description...

GHSA-F27H-G923-68HW OpenStack Neutron can use an incorrect ID during policy enforcement

In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change add and clear tags on network objects that do not belong to the tenant...

OpenStack Neutron can use an incorrect ID during policy enforcement

In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change add and clear tags on network objects that do not belong to the tenant...

DEBIAN-CVE-2024-53916

In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change add and clear tags on network objects that do not belong to the tenant...

CVE-2024-53916

In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change add and clear tags on network objects that do not belong to the tenant...

CVE-2024-53916

In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change add and clear tags on network objects that do not belong to the tenant...

CVE-2024-53916

In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change add and clear tags on network objects that do not belong to the tenant...

The vulnerability of the Access Rule Handler component in the cloud service platform of Red Hat OpenStack Platform allows a malicious actor to perform a denial-of-service attack.

The vulnerability of the Access Rule Handler component in the Red Hat OpenStack Platform cloud service platform is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

Incorrect Permission Assignment for Critical Resource

Overview neutron is an OpenStack project to provide “network connectivity as a service” between interface devices e.g., vNICs managed by other OpenStack services e.g., nova. It implements the Neutron API. Affected versions of this package are vulnerable to Incorrect Permission Assignment for...

CVE-2024-53916

In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change add and clear tags on network objects that do not belong to the tenant...

OpenStack Neutron 安全漏洞

OpenStack Neutron is an OpenStack project open-sourced by OpenStack and designed to provide services between interface devices managed by other OpenStack services. A security vulnerability exists in OpenStack Neutron version 25.0.0 and earlier versions, which stems from the fact that...

CVE-2024-53916

CVE-2024-53916 affects OpenStack Neutron prior to 25.0.1. The root cause is an incorrect ID in neutron/extensions/tagging.py during policy enforcement, causing the policy check for changing network tags to be bypassed. As a result, an unprivileged tenant can add or clear tags on network objects t...

CVE-2024-53916

In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change add and clear tags on network objects that do not belong to the tenant...

PT-2024-35973 · Openstack · Openstack Neutron

Name of the Vulnerable Software and Affected Versions: OpenStack Neutron versions 23 through 23.2.0 OpenStack Neutron versions 24 through 24.0.1 OpenStack Neutron versions 25 through 25.0.0 Description: The issue affects OpenStack Neutron, where the neutron/extensions/tagging.py can use an...