CVE-2014-0056

First published: Thu May 08 2014(Updated: )

The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command.

Credit: secalert@redhat.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-index
• agent/references
• agent/weakness
• agent/severity
• agent/author
• agent/type
• agent/event
• agent/description
• agent/softwarecombine
• agent/first-publish-date
• agent/tags
• agent/last-modified-date
• collector/mitre-cve
• source/MITRE
• vendor/openstack
• canonical/openstack neutron
• version/openstack neutron/2012.2
• version/openstack neutron/2012.2.1
• version/openstack neutron/2012.2.2
• version/openstack neutron/2012.2.3
• version/openstack neutron/2012.2.4
• version/openstack neutron/2013.1
• version/openstack neutron/2013.1.1
• version/openstack neutron/2013.1.2
• version/openstack neutron/2013.1.3
• version/openstack neutron/2013.1.4
• version/openstack neutron/2013.1.5
• version/openstack neutron/2013.2
• version/openstack neutron/2013.2.1
• version/openstack neutron/2013.2.2
• vendor/canonical
• canonical/canonical ubuntu linux
• version/canonical ubuntu linux/13.10