{ "advisory": { "date": "2014-03-27", "description": "Aaron Rosen from VMware reported a vulnerability where Neutron fails to perform proper authorization checks when creating ports. By specifying the device ID of a router that belongs to a different tenant when creating a port, an authenticated user can access the networks of other tenants. This affects Neutron deployments that use plugins relying on the l3-agent.", "id": "2014-008", "title": "Routers can be cross plugged by other tenants", "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-March/000212.html" }, "affects": [ { "product": "neutron", "version": "TODO" } ], "bugs": [ "1243327" ], "notes": "", "reporters": [ { "company": "VMware", "name": "Aaron Rosen" } ], "reviews": [ "83391", "83393" ], "schema_version": 1, "vulnerabilities": [ { "cve": "CVE-2014-0056", "cvss": { "base_score": "4.1", "scoring_vector": "AV:A/AC:L/Au:S/C:P/I:P/A:N" }, "cwe": "TODO", "impact": "moderate" } ] }