neutron@18.5.0 vulnerabilities

OpenStack Networking

Direct Vulnerabilities

Known vulnerabilities in the neutron package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • M
Incorrect Permission Assignment for Critical Resource

neutron is an OpenStack project to provide “network connectivity as a service” between interface devices (e.g., vNICs) managed by other OpenStack services (e.g., nova). It implements the Neutron API.

Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to the reliance on a caller ID during policy enforcement, rather than using the parent/resource ID.

How to fix Incorrect Permission Assignment for Critical Resource?

Upgrade neutron to version 23.3.0, 24.1.0, 25.1.0, 26.0.0.0rc1 or higher.

Vulnerable versions: [,23.3.0), [24.0.0,24.1.0), [25.0.0,25.1.0), [26.0.0.0b1,26.0.0.0rc1)
  • M
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) due to allowing the unrestricted creation of security groups, which allows users to query a list of security groups for an invalid project and exceed their querying quota.

NOTE: This vulnerability exists due to an insufficient fix for CVE-2022-3277.

How to fix Denial of Service (DoS)?

There is no fixed version for neutron.

Vulnerable versions: [0,)
  • M
Improper Authorization

Affected versions of this package are vulnerable to Improper Authorization: when a non-admin user tries to list security groups for project_id None, neutron creates a default security group for that project and returns an empty list to the caller.

How to fix Improper Authorization?

Upgrade neutron to version 21.0.0.0rc1 or higher.

Vulnerable versions: [0,21.0.0.0rc1)