Openstack

Neutron

28 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.26%
  • Veröffentlicht 04.06.2026 16:18:39
  • Zuletzt bearbeitet 04.06.2026 19:15:17

In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set device_owner to a value that has "network:" at the beginning ("network:dhcp" for example). The default port RBAC po...

  • EPSS 0.3%
  • Veröffentlicht 28.05.2026 21:53:03
  • Zuletzt bearbeitet 02.06.2026 20:16:39

In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default policy, permit...

  • EPSS 0.7%
  • Veröffentlicht 25.11.2024 00:15:04
  • Zuletzt bearbeitet 15.04.2026 00:35:42

In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change (add and clear) tags on...

  • EPSS 1.06%
  • Veröffentlicht 06.03.2023 23:15:10
  • Zuletzt bearbeitet 07.03.2025 16:15:35

An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota....

Exploit
  • EPSS 1.76%
  • Veröffentlicht 08.09.2021 20:15:11
  • Zuletzt bearbeitet 21.11.2024 06:24:49

An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume incre...

Exploit
  • EPSS 1.89%
  • Veröffentlicht 31.08.2021 18:15:08
  • Zuletzt bearbeitet 21.11.2024 06:23:31

An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.

Exploit
  • EPSS 1.21%
  • Veröffentlicht 23.08.2021 05:15:08
  • Zuletzt bearbeitet 21.11.2024 06:17:37

OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a se...

  • EPSS 1.02%
  • Veröffentlicht 28.05.2021 19:15:07
  • Zuletzt bearbeitet 21.11.2024 05:46:14

A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the netwo...

  • EPSS 1.76%
  • Veröffentlicht 05.04.2019 05:29:03
  • Zuletzt bearbeitet 21.11.2024 04:20:01

An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure...

Exploit
  • EPSS 3.64%
  • Veröffentlicht 13.03.2019 02:29:00
  • Zuletzt bearbeitet 21.11.2024 04:52:12

An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't supp...