6.5

CVE-2018-14635

When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3 and 11.0.5 are vulnerable.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatOpenstack Version10
RedhatOpenstack Version12
RedhatOpenstack Version13
OpenstackNeutron Version >= 11.0.0 <= 11.0.5
OpenstackNeutron Version >= 12.0.0 <= 12.0.3
OpenstackNeutron Version13.0.0.0 Updateb1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.53% 0.828
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:N/A:P
secalert@redhat.com 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://access.redhat.com/errata/RHSA-2018:2721
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2710
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2715
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3792
Third Party Advisory
https://bugs.launchpad.net/neutron/+bug/1757482
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14635
Patch
Third Party Advisory
Issue Tracking
https://git.openstack.org/cgit/openstack/neutron/commit/?id=54aa6e81cb17b33ce4d5d469cc11dec2869c762d
Patch
Vendor Advisory