CVE-2014-0056 — Improper Authentication in Neutron

CWE-287 — Improper Authentication CWE-285 — Improper Authorization12 documents8 sources

Severity

2.1LOWNVD

EPSS

0.2%

top 55.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Neutron Canonical Ubuntu Linux

Timeline

PublishedMay 8

Latest updateMay 17

Description

The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command.

CVSS vector

AV:N/AC:H/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶PyPIopenstack/neutron2012.2 — 2013.2.3

▶Debianopenstack/neutron< 2013.2.2-4+3

▶NVDopenstack/neutron14 versions+13

Also affects: Ubuntu Linux 13.10

🔴Vulnerability Details

GHSA

OpenStack Neutron Improper Authentication vulnerability↗2022-05-17

▶

OSV

OpenStack Neutron Improper Authentication vulnerability↗2022-05-17

▶

CVEList

CVE-2014-0056: The l3-agent in OpenStack Neutron 2012↗2014-05-08

▶

OSV

CVE-2014-0056: The l3-agent in OpenStack Neutron 2012↗2014-05-08

▶

📋Vendor Advisories

Ubuntu

OpenStack Neutron vulnerability↗2014-05-05

▶

Red Hat

openstack-neutron: insufficient authorization checks when creating ports↗2014-03-28

▶

Debian

CVE-2014-0056: neutron - The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tena...↗2014

▶

💬Community

Bugzilla

CVE-2014-0056 openstack-quantum: OpenStack Neutron: insufficient authorization checks when creating ports [epel-6]↗2014-03-28

▶

Bugzilla

CVE-2014-0056 openstack-quantum: OpenStack Neutron: insufficient authorization checks when creating ports [fedora-19]↗2014-03-28

▶

Bugzilla

CVE-2014-0056 openstack-neutron: OpenStack Neutron: insufficient authorization checks when creating ports [fedora-20]↗2014-03-28

▶

Bugzilla

CVE-2014-0056 openstack-neutron: insufficient authorization checks when creating ports↗2014-02-10

▶