6.1 Medium
AI Score
Confidence
Low
2.1 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:S/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
53.3%
Aaron Rosen discovered that OpenStack Neutron did not properly perform
authorization checks when creating ports when using plugins relying on the
l3-agent. A remote authenticated attacker could exploit this to access the
network of other tenants.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 13.10 | noarch | python-neutron | < 1:2013.2.3-0ubuntu1.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | neutron-common | < 1:2013.2.3-0ubuntu1.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | neutron-dhcp-agent | < 1:2013.2.3-0ubuntu1.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | neutron-l3-agent | < 1:2013.2.3-0ubuntu1.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | neutron-lbaas-agent | < 1:2013.2.3-0ubuntu1.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | neutron-metadata-agent | < 1:2013.2.3-0ubuntu1.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | neutron-plugin-bigswitch | < 1:2013.2.3-0ubuntu1.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | neutron-plugin-brocade | < 1:2013.2.3-0ubuntu1.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | neutron-plugin-cisco | < 1:2013.2.3-0ubuntu1.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | neutron-plugin-hyperv | < 1:2013.2.3-0ubuntu1.1 | UNKNOWN |