neutron@18.1.0 vulnerabilities

OpenStack Networking

latest version

24.0.0
first published

6 years ago
latest version published

a month ago
licenses detected
- Apache-2.0
  [0,)
View neutron package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the neutron package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Denial of Service (DoS) neutron is an OpenStack project to provide “network connectivity as a service” between interface devices (e.g., vNICs) managed by other OpenStack services (e.g., nova). It implements the Neutron API. Affected versions of this package are vulnerable to Denial of Service (DoS) due to allowing the unrestricted creation of security groups, which allows users to query a list of security groups for an invalid project and exceed their querying quota. NOTE: This vulnerability exists due to an insufficient fix for CVE-2022-3277. How to fix Denial of Service (DoS)? There is no fixed version for `neutron`.	[0,)
M Improper Authorization neutron is an OpenStack project to provide “network connectivity as a service” between interface devices (e.g., vNICs) managed by other OpenStack services (e.g., nova). It implements the Neutron API. Affected versions of this package are vulnerable to Improper Authorization when a non-admin user tries to list security groups for project_id `None`, it will create a default security group for that project and returns an empty list to the caller. How to fix Improper Authorization? Upgrade `neutron` to version 21.0.0.0rc1 or higher.	[0,21.0.0.0rc1)
M Denial of Service (DoS) neutron is an OpenStack project to provide “network connectivity as a service” between interface devices (e.g., vNICs) managed by other OpenStack services (e.g., nova). It implements the Neutron API. Affected versions of this package are vulnerable to Denial of Service (DoS) via the `routes` middleware. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service. How to fix Denial of Service (DoS)? Upgrade `neutron` to version 16.4.1, 17.2.1, 18.1.1 or higher.	[,16.4.1) [17.0.0,17.2.1) [18.0.0,18.1.1)
H Denial of Service (DoS) neutron is an OpenStack project to provide “network connectivity as a service” between interface devices (e.g., vNICs) managed by other OpenStack services (e.g., nova). It implements the Neutron API. Affected versions of this package are vulnerable to Denial of Service (DoS). By supplying a specially crafted `extra_dhcp_opts` value, an authenticated user may add arbitrary configuration to the `dnsmasq` process in order to crash the service, change parameters for other tenants sharing the same interface, or otherwise alter that daemon's behavior. PoC `// A payload to crash dnsmasq PUT /v2.0/ports/9db67e0f-537c-494a-a655-c8a0c518d57e HTTP/1.1 Host: openstack X-Auth-Token: TOKEN Content-Type: application/json Content-Length: 170 {"port":{ "extra_dhcp_opts":[{"opt_name":"zzz", "opt_value":"xxx\n128,aa:bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb\n120,aa.cc\n128,:" }]}}` How to fix Denial of Service (DoS)? Upgrade `neutron` to version 16.4.1, 17.2.1, 18.1.1 or higher.	[0,16.4.1) [17.0.0,17.2.1) [18.0.0,18.1.1)

Go back to all versions of this package

neutron@18.1.0 vulnerabilities

OpenStack Networking

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities

PoC