neutron@20.0.0.0rc1 vulnerabilities

OpenStack Networking

latest version

24.0.0
first published

6 years ago
latest version published

a month ago
licenses detected
- Apache-2.0
  [0,)
View neutron package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the neutron package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Denial of Service (DoS) neutron is an OpenStack project to provide “network connectivity as a service” between interface devices (e.g., vNICs) managed by other OpenStack services (e.g., nova). It implements the Neutron API. Affected versions of this package are vulnerable to Denial of Service (DoS) due to allowing the unrestricted creation of security groups, which allows users to query a list of security groups for an invalid project and exceed their querying quota. NOTE: This vulnerability exists due to an insufficient fix for CVE-2022-3277. How to fix Denial of Service (DoS)? There is no fixed version for `neutron`.	[0,)
M Improper Authorization neutron is an OpenStack project to provide “network connectivity as a service” between interface devices (e.g., vNICs) managed by other OpenStack services (e.g., nova). It implements the Neutron API. Affected versions of this package are vulnerable to Improper Authorization when a non-admin user tries to list security groups for project_id `None`, it will create a default security group for that project and returns an empty list to the caller. How to fix Improper Authorization? Upgrade `neutron` to version 21.0.0.0rc1 or higher.	[0,21.0.0.0rc1)

Denial of Service (DoS)

neutron is an OpenStack project to provide “network connectivity as a service” between interface devices (e.g., vNICs) managed by other OpenStack services (e.g., nova). It implements the Neutron API.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to allowing the unrestricted creation of security groups, which allows users to query a list of security groups for an invalid project and exceed their querying quota.

NOTE: This vulnerability exists due to an insufficient fix for CVE-2022-3277.

How to fix Denial of Service (DoS)?

There is no fixed version for neutron.

[0,)

Improper Authorization

Affected versions of this package are vulnerable to Improper Authorization when a non-admin user tries to list security groups for project_id None, it will create a default security group for that project and returns an empty list to the caller.

How to fix Improper Authorization?

Upgrade neutron to version 21.0.0.0rc1 or higher.

[0,21.0.0.0rc1)

Go back to all versions of this package

neutron@20.0.0.0rc1 vulnerabilities

OpenStack Networking

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities