neutron@26.0.0.0b1 vulnerabilities

OpenStack Networking

latest version

25.0.0
first published

7 years ago
latest version published

2 months ago
licenses detected
- Apache-2.0
  [0,)
View neutron package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the neutron package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Incorrect Permission Assignment for Critical Resource neutron is an OpenStack project to provide “network connectivity as a service” between interface devices (e.g., vNICs) managed by other OpenStack services (e.g., nova). It implements the Neutron API. Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to the reliance on a caller ID during policy enforcement, rather than using the parent/resource ID. How to fix Incorrect Permission Assignment for Critical Resource? A fix was pushed into the `master` branch but not yet published.	[24.0.0,)
M Denial of Service (DoS) neutron is an OpenStack project to provide “network connectivity as a service” between interface devices (e.g., vNICs) managed by other OpenStack services (e.g., nova). It implements the Neutron API. Affected versions of this package are vulnerable to Denial of Service (DoS) due to allowing the unrestricted creation of security groups, which allows users to query a list of security groups for an invalid project and exceed their querying quota. NOTE: This vulnerability exists due to an insufficient fix for CVE-2022-3277. How to fix Denial of Service (DoS)? There is no fixed version for `neutron`.	[0,)

Incorrect Permission Assignment for Critical Resource

neutron is an OpenStack project to provide “network connectivity as a service” between interface devices (e.g., vNICs) managed by other OpenStack services (e.g., nova). It implements the Neutron API.

Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to the reliance on a caller ID during policy enforcement, rather than using the parent/resource ID.

How to fix Incorrect Permission Assignment for Critical Resource?

A fix was pushed into the master branch but not yet published.

[24.0.0,)

Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) due to allowing the unrestricted creation of security groups, which allows users to query a list of security groups for an invalid project and exceed their querying quota.

NOTE: This vulnerability exists due to an insufficient fix for CVE-2022-3277.

How to fix Denial of Service (DoS)?

There is no fixed version for neutron.

[0,)

Go back to all versions of this package

neutron@26.0.0.0b1 vulnerabilities

OpenStack Networking

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities