Home > Vulnerability Database > CVE-2024-53916

Mend.io Vulnerability Database

CVE-2024-53916

Good to know:

Date: November 23, 2024

In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change (add and clear) tags on network objects that do not belong to the tenant, and this action is not subjected to the proper policy authorization check. This affects 23 before 23.2.1, 24 before 24.0.2, and 25 before 25.0.1.

Language: Python

Severity Score

7.5

Related Resources (8)

Url: https://github.com/openstack/neutron/blob/363ffa6e9e1ab5968f87d45bc2f1cb6394f48b9f/neutron/extensions/tagging.py#L138-L232

Url: https://security.openstack.org/ossa/OSSA-2024-005.html

Url: https://review.opendev.org/q/project:openstack/neutron

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-53916

Url: https://review.opendev.org/c/openstack/neutron/+/935883

Url: https://github.com/openstack/neutron

Url: http://www.openwall.com/lists/oss-security/2024/12/03/1

Url: https://www.mend.io/vulnerability-database/CVE-2024-53916

Severity Score

7.5

Weakness Type (CWE)

Improper Check for Unusual or Exceptional Conditions

CWE-754

Insufficient Verification of Data Authenticity

CWE-345

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-53916

Good to know:

Date: November 23, 2024

Language: Python

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?