CVE-2018-14635
Description
When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3 and 11.0.5 are vulnerable.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.306
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2018-14635 are fixed in Python-neutron 11.0.6 | Windows |
| Vulnerabilities CVE-2018-14635 are fixed in Python-neutron 12.0.4 | Windows |
| Vulnerabilities CVE-2018-14635,CVE-2018-14636 are fixed in Python-neutron 13.0.0.0b2 | Windows |
| Vulnerabilities CVE-2018-14635 are fixed in Python-neutron for linux 11.0.6 | Linux |
| Vulnerabilities CVE-2018-14635 are fixed in Python-neutron for linux 12.0.4 | Linux |
| Vulnerabilities CVE-2018-14635,CVE-2018-14636 are fixed in Python-neutron for linux 13.0.0.0b2 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234