Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade neutron
to version 21.0.0.0rc1 or higher.
neutron is an OpenStack project to provide “network connectivity as a service” between interface devices (e.g., vNICs) managed by other OpenStack services (e.g., nova). It implements the Neutron API.
Affected versions of this package are vulnerable to Improper Authorization when a non-admin user tries to list security groups for project_id None
, it will create a default security group for that project and returns an empty list to the caller.
openstack --os-cloud devstack security group list --project None
openstack --os-cloud devstack-admin security group list
# The API call that is made is essentially `GET /networking/v2.0/security-groups?project_id=None`