{
"advisory": {
"date": "2014-03-27",
"description": "Aaron Rosen from VMware reported a vulnerability where Neutron fails to perform proper authorization checks when creating ports. By specifying the device ID of a router that belongs to a different tenant when creating a port, an authenticated user can gain access to the networks of other tenants. This affects Neutron deployments that use plugins relying on the l3-agent.",
"id": "2014-008",
"title": "Routers can be cross plugged by other tenants",
"url": "http://lists.openstack.org/pipermail/openstack-announce/2014-March/000212.html"
},
"affects": [
{
"product": "neutron",
"version": "TODO"
}
],
"bugs": [
"1243327"
],
"notes": "",
"reporters": [
{
"company": "VMware",
"name": "Aaron Rosen"
}
],
"reviews": [
"83391",
"83393"
],
"schema_version": 1,
"vulnerabilities": [
{
"cve": "CVE-2014-0056",
"cvss": {
"base_score": "4.1",
"scoring_vector": "AV:A/AC:L/Au:S/C:P/I:P/A:N"
},
"cwe": "TODO",
"impact": "moderate"
}
]
} |