Lucene search

K
ubuntucveUbuntu.comUB:CVE-2014-0056
HistoryApr 01, 2014 - 12:00 a.m.

CVE-2014-0056

2014-04-0100:00:00
ubuntu.com
ubuntu.com
9

2.1 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

52.9%

The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the
tenant id when creating ports, which allows remote authenticated users to
plug ports into the routers of arbitrary tenants via the device id in a
port-create command.

Bugs

Notes

Author Note
jdstrand fixed in 1:2013.2.3-0ubuntu1. Needs a rebuild for saucy-security
OSVersionArchitecturePackageVersionFilename
ubuntu13.10noarchneutron< 1:2013.2.3-0ubuntu1.1UNKNOWN

2.1 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

52.9%

Related for UB:CVE-2014-0056