{"id":"PYSEC-2018-93","details":"When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3 and 11.0.5 are vulnerable.","aliases":["CVE-2018-14635","GHSA-x634-34m9-96mp"],"modified":"2024-04-10T18:58:07.717402Z","published":"2018-09-10T19:29:00Z","references":[{"type":"WEB","url":"https://git.openstack.org/cgit/openstack/neutron/commit/?id=54aa6e81cb17b33ce4d5d469cc11dec2869c762d"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14635"},{"type":"WEB","url":"https://bugs.launchpad.net/neutron/+bug/1757482"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2715"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2710"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2721"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3792"}],"affected":[{"package":{"name":"neutron","ecosystem":"PyPI","purl":"pkg:pypi/neutron"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"11.0.6"},{"introduced":"12.0.0"},{"fixed":"12.0.4"}]}],"versions":["0.0","10.0.5","10.0.6","10.0.7","11.0.3","11.0.4","11.0.5","12.0.0","12.0.1","12.0.2","12.0.3"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/neutron/PYSEC-2018-93.yaml"}}],"schema_version":"1.7.3"}