Metrics
Affected Vendors & Products
Wed, 04 Dec 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Wed, 04 Dec 2024 04:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In OpenStack Neutron through 25.0.0, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. NOTE: 935883 has the "Work in Progress" status as of 2024-11-24. | In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change (add and clear) tags on network objects that do not belong to the tenant, and this action is not subjected to the proper policy authorization check. This affects 23 before 23.2.1, 24 before 24.0.2, and 25 before 25.0.1. |
Wed, 04 Dec 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Wed, 27 Nov 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Openstack
Openstack neutron |
|
CPEs | cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:* | |
Vendors & Products |
Openstack
Openstack neutron |
|
Metrics |
cvssV3_1
|
ssvc
|
Tue, 26 Nov 2024 03:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | openstack-neutron: tagging.py can use an incorrect ID during policy enforcement | |
Weaknesses | CWE-345 | |
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Sun, 24 Nov 2024 23:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In OpenStack Neutron through 25.0.0, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. NOTE: 935883 has the "Work in Progress" status as of 2024-11-24. | |
References |
|
Status: PUBLISHED
Assigner: mitre
Published: 2024-11-24T00:00:00
Updated: 2024-12-04T22:01:18.911622Z
Reserved: 2024-11-24T00:00:00
Link: CVE-2024-53916
Updated: 2024-12-04T01:30:22.263Z
Status : Awaiting Analysis
Published: 2024-11-25T00:15:04.423
Modified: 2024-12-04T22:15:22.840
Link: CVE-2024-53916