{
    "advisory": {
        "date": "2014-03-27", 
        "description": "Aaron Rosen from VMware reported a vulnerability where Neutron fails to perform proper authorization checks when creating ports. By choosing a device id of a router from a different tenant when creating a port, an authenticated user can access the network of other tenants. This affects deployments of Neutron using plugins relying on the l3-agent.", 
        "id": "2014-008", 
        "title": "Routers can be cross plugged by other tenants", 
        "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-March/000212.html"
    }, 
    "affects": [
        {
            "product": "neutron", 
            "version": "TODO"
        }
    ], 
    "bugs": [
        "1243327"
    ], 
    "notes": "", 
    "reporters": [
        {
            "company": "VMware", 
            "name": "Aaron Rosen"
        }
    ], 
    "reviews": [
        "83391", 
        "83393"
    ], 
    "schema_version": 1, 
    "vulnerabilities": [
        {
            "cve": "CVE-2014-0056", 
            "cvss": {
                "base_score": "4.1", 
                "scoring_vector": "AV:A/AC:L/Au:S/C:P/I:P/A:N"
            }, 
            "cwe": "TODO", 
            "impact": "moderate"
        }
    ]
}