When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3 and 11.0.5 are vulnerable.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
21 Nov 2024, 03:49
Type | Values Removed | Values Added |
---|---|---|
References | () https://access.redhat.com/errata/RHSA-2018:2710 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2018:2715 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2018:2721 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2018:3792 - Third Party Advisory | |
References | () https://bugs.launchpad.net/neutron/+bug/1757482 - Third Party Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14635 - Issue Tracking, Patch, Third Party Advisory | |
References | () https://git.openstack.org/cgit/openstack/neutron/commit/?id=54aa6e81cb17b33ce4d5d469cc11dec2869c762d - Patch, Vendor Advisory |
Information
Published : 2018-09-10 19:29
Updated : 2024-11-21 03:49
NVD link : CVE-2018-14635
Mitre link : CVE-2018-14635
CVE.ORG link : CVE-2018-14635
JSON object : View
Products Affected
openstack
- neutron
redhat
- openstack
CWE
CWE-20
Improper Input Validation