CVE-2024-53916
published 2024-11-25CVE-2024-53916: In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check…
PriorityP342high7.5CVSS 3.1
AVNACLPRNUINSUCNIHAN
EPSS
0.69%
48.3th percentile
In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change (add and clear) tags on network objects that do not belong to the tenant, and this action is not subjected to the proper policy authorization check. This affects 23 before 23.2.1, 24 before 24.0.2, and 25 before 25.0.1.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | neutron | < neutron 2:25.0.0-2 (forky) | neutron 2:25.0.0-2 (forky) |
| openstack | neutron | >= 0 < 2:25.0.0-2 | 2:25.0.0-2 |
| openstack | neutron | >= 0 < 2:25.0.0-2 | 2:25.0.0-2 |
| openstack | neutron | >= 23.0.0 < 23.2.1 | 23.2.1 |
| openstack | neutron | >= 24.0.0 < 24.0.2 | 24.0.2 |
| openstack | neutron | >= 25.0.0 < 25.0.1 | 25.0.1 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
osv7.5HIGH
vendor_debian7.5LOW
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
OpenStack Neutron can use an incorrect ID during policy enforcement
ghsa·2024-11-25
CVE-2024-53916 [MEDIUM] CWE-345 OpenStack Neutron can use an incorrect ID during policy enforcement
OpenStack Neutron can use an incorrect ID during policy enforcement
In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change (add and clear) tags on network objects that do not belong to the tenant, and this action is not subjected to the proper policy authorization check. This affects 23 before 23.2.1, 24 before 24.0.2, and 25 before 25.0.1.
OSV
OpenStack Neutron can use an incorrect ID during policy enforcement
osv·2024-11-25
CVE-2024-53916 [MEDIUM] OpenStack Neutron can use an incorrect ID during policy enforcement
OpenStack Neutron can use an incorrect ID during policy enforcement
In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change (add and clear) tags on network objects that do not belong to the tenant, and this action is not subjected to the proper policy authorization check. This affects 23 before 23.2.1, 24 before 24.0.2, and 25 before 25.0.1.
OSV
CVE-2024-53916: In OpenStack Neutron before 25
osv·2024-11-25·CVSS 7.5
CVE-2024-53916 [HIGH] CVE-2024-53916: In OpenStack Neutron before 25
In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change (add and clear) tags on network objects that do not belong to the tenant, and this action is not subjected to the proper policy authorization check. This affects 23 before 23.2.1, 24 before 24.0.2, and 25 before 25.0.1.
Red Hat
openstack-neutron: tagging.py can use an incorrect ID during policy enforcement
vendor_redhat·2024-11-24·CVSS 7.5
CVE-2024-53916 [HIGH] CWE-345 openstack-neutron: tagging.py can use an incorrect ID during policy enforcement
openstack-neutron: tagging.py can use an incorrect ID during policy enforcement
In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change (add and clear) tags on network objects that do not belong to the tenant, and this action is not subjected to the proper policy authorization check. This affects 23 before 23.2.1, 24 before 24.0.2, and 25 before 25.0.1.
A flaw was found in OpenStack Neutron. The service tagging policy engine insufficiently verifies the parent resource or the upper parent resource project ID when checking the policies against the caller project ID.
Package: openstack-heat (Red Hat OpenStack Platform 16.
Debian
CVE-2024-53916: neutron - In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an inc...
vendor_debian·2024·CVSS 7.5
CVE-2024-53916 [HIGH] CVE-2024-53916: neutron - In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an inc...
In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change (add and clear) tags on network objects that do not belong to the tenant, and this action is not subjected to the proper policy authorization check. This affects 23 before 23.2.1, 24 before 24.0.2, and 25 before 25.0.1.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved (fixed in 2:25.0.0-2)
sid: resolved (fixed in 2:25.0.0-2)
trixie: resolved (fixed in 2:25.0.0-2)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/openstack/neutron/blob/363ffa6e9e1ab5968f87d45bc2f1cb6394f48b9f/neutron/extensions/tagging.py#L138-L232https://review.opendev.org/c/openstack/neutron/+/935883https://review.opendev.org/q/project:openstack/neutronhttps://security.openstack.org/ossa/OSSA-2024-005.htmlhttp://www.openwall.com/lists/oss-security/2024/12/03/1
2024-11-25
Published