- Description
- When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3 and 11.0.5 are vulnerable.
- Source
- secalert@redhat.com
- NVD status
- Modified
CVSS 3.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:N/I:N/A:P
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA"
          },
          {
            "criteria": "cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D4AC996-B340-4A14-86F7-FF83B4D5EC8F"
          },
          {
            "criteria": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "704CFA1A-953E-4105-BFBE-406034B83DED"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3BB2AF8-29B1-49C4-A15B-FF432B20E4B4",
            "versionEndIncluding": "11.0.5",
            "versionStartIncluding": "11.0.0"
          },
          {
            "criteria": "cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F675D5F4-0FB0-4D0F-A1D7-07F808820868",
            "versionEndIncluding": "12.0.3",
            "versionStartIncluding": "12.0.0"
          },
          {
            "criteria": "cpe:2.3:a:openstack:neutron:13.0.0.0:b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB8CB3DE-98B1-43A6-AFFB-CC469657DFE4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]