25.1.0
6 years ago
15 days ago
Known vulnerabilities in the neutron package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
neutron is an OpenStack project to provide “network connectivity as a service” between interface devices (e.g., vNICs) managed by other OpenStack services (e.g., nova). It implements the Neutron API. Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to the reliance on a caller ID during policy enforcement, rather than using the parent/resource ID. How to fix Incorrect Permission Assignment for Critical Resource? A fix was pushed into the | [24.0.0,) |
neutron is an OpenStack project to provide “network connectivity as a service” between interface devices (e.g., vNICs) managed by other OpenStack services (e.g., nova). It implements the Neutron API. Affected versions of this package are vulnerable to Denial of Service (DoS) due to allowing the unrestricted creation of security groups, which allows users to query a list of security groups for an invalid project and exceed their querying quota. NOTE: This vulnerability exists due to an insufficient fix for CVE-2022-3277. How to fix Denial of Service (DoS)? There is no fixed version for | [0,) |