CVE-2018-14635

Published: Sep 10, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3 and 11.0.5 are vulnerable.

Affected (6)

Products: Redhat: Openstack · Openstack: Neutron

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Openstack	Version 10
Redhat Openstack	Version 12
Redhat Openstack	Version 13

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Openstack Neutron	From 11.0.0 to 11.0.5
Openstack Neutron	From 12.0.0 to 12.0.3
Openstack Neutron	Version 13.0.0.0 b1

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (14)

https://access.redhat.com/errata/RHSA-2018:2710

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2715

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2721

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3792

Source: secalert@redhat.com

Third Party Advisory

https://bugs.launchpad.net/neutron/+bug/1757482

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14635

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://git.openstack.org/cgit/openstack/neutron/commit/?id=54aa6e81cb17b33ce4d5d469cc11dec2869c762d

Source: secalert@redhat.com

PatchVendor Advisory

https://access.redhat.com/errata/RHSA-2018:2710

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2715

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2721

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3792

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugs.launchpad.net/neutron/+bug/1757482

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14635

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://git.openstack.org/cgit/openstack/neutron/commit/?id=54aa6e81cb17b33ce4d5d469cc11dec2869c762d

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.