CVE-2014-0056

Priority
Description
The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the
tenant id when creating ports, which allows remote authenticated users to
plug ports into the routers of arbitrary tenants via the device id in a
port-create command.
Assigned-to
jdstrand
Notes
jdstrandfixed in 1:2013.2.3-0ubuntu1. Needs a rebuild for saucy-security
Package
Upstream:released (2013.2.3)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [1:2014.1~b3-0ubuntu1])
More Information

Updated: 2020-09-10 02:53:41 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)