CVE-2014-0056

OpenStack Neutron <2013.2.3 - Privilege Escalation

Title source: llm

Description

The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command.

References (4)

[Issue Tracking] https://bugs.launchpad.net/neutron/+bug/1243327

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2014-0516.html

[Vendor Advisory] http://www.ubuntu.com/usn/USN-2194-1

[Mailing List] http://www.openwall.com/lists/oss-security/2014/03/27/5

Scores

EPSS 0.0022

EPSS Percentile 43.8%

Classification

CWE

CWE-287

Status draft

Affected Products (16)

openstack/neutron

canonical/ubuntu_linux

... and 1 more

Timeline

Published May 08, 2014

Tracked Since Feb 18, 2026