Bug 2328595 (CVE-2024-53916)
| Summary: | CVE-2024-53916 openstack-neutron: tagging.py can use an incorrect ID during policy enforcement | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | bcafarel, chrisw, eglynn, jjoyce, jschluet, lhh, lsvaty, mburns, mgarciac, pgrist, prodsec-dev, rgatica, rhos-maint, scohen |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | Flags: | bcafarel:
needinfo?
(rgatica) mburns: needinfo? (prodsec-dev) |
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in OpenStack Neutron. The service tagging policy engine insufficiently verifies the parent resource or the upper parent resource project ID when checking the policies against the caller project ID.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2328759, 2328760 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2024-11-25 00:01:10 UTC
|