CVE-2024-53916

EPSS 0.26%
Veröffentlicht 25.11.2024 00:15:04
Zuletzt bearbeitet 06.01.2025 18:15:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change (add and clear) tags on network objects that do not belong to the tenant, and this action is not subjected to the proper policy authorization check. This affects 23 before 23.2.1, 24 before 24.0.2, and 25 before 25.0.1.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstelleropenstack

≫

Produkt neutron

Default Statusunknown

Version <= 25.0.0

Version 0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.26%	0.489

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://github.com/openstack/neutron/blob/363ffa6e9e1ab5968f87d45bc2f1cb6394f48b9f/neutron/extensions/tagging.py#L138-L232

https://review.opendev.org/c/openstack/neutron/+/935883

https://review.opendev.org/q/project:openstack/neutron

https://security.openstack.org/ossa/OSSA-2024-005.html

http://www.openwall.com/lists/oss-security/2024/12/03/1

https://nvd.nist.gov/vuln/detail/CVE-2024-53916

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-53916

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-53916

EUVD