{"containers":{"cna":{"affected":[{"product":"openstack-neutron","vendor":"The Openstack Project","versions":[{"status":"affected","version":"13.0.0.0b2, 12.0.3, 11.0.5"}]}],"datePublic":"2018-03-21T00:00:00.000Z","descriptions":[{"lang":"en","value":"When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3 and 11.0.5 are vulnerable."}],"metrics":[{"cvssV3_0":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.0"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-20","description":"CWE-20","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2018-12-06T10:57:01.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"RHSA-2018:2710","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2018:2710"},{"name":"RHSA-2018:2715","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2018:2715"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugs.launchpad.net/neutron/+bug/1757482"},{"name":"RHSA-2018:2721","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2018:2721"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14635"},{"name":"RHSA-2018:3792","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2018:3792"},{"tags":["x_refsource_CONFIRM"],"url":"https://git.openstack.org/cgit/openstack/neutron/commit/?id=54aa6e81cb17b33ce4d5d469cc11dec2869c762d"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"secalert@redhat.com","ID":"CVE-2018-14635","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"openstack-neutron","version":{"version_data":[{"version_value":"13.0.0.0b2, 12.0.3, 11.0.5"}]}}]},"vendor_name":"The Openstack Project"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3 and 11.0.5 are vulnerable."}]},"impact":{"cvss":[[{"vectorString":"6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.0"}]]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-20"}]}]},"references":{"reference_data":[{"name":"RHSA-2018:2710","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2018:2710"},{"name":"RHSA-2018:2715","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2018:2715"},{"name":"https://bugs.launchpad.net/neutron/+bug/1757482","refsource":"CONFIRM","url":"https://bugs.launchpad.net/neutron/+bug/1757482"},{"name":"RHSA-2018:2721","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2018:2721"},{"name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14635","refsource":"CONFIRM","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14635"},{"name":"RHSA-2018:3792","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2018:3792"},{"name":"https://git.openstack.org/cgit/openstack/neutron/commit/?id=54aa6e81cb17b33ce4d5d469cc11dec2869c762d","refsource":"CONFIRM","url":"https://git.openstack.org/cgit/openstack/neutron/commit/?id=54aa6e81cb17b33ce4d5d469cc11dec2869c762d"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T09:38:12.947Z"},"title":"CVE Program Container","references":[{"name":"RHSA-2018:2710","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:2710"},{"name":"RHSA-2018:2715","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:2715"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugs.launchpad.net/neutron/+bug/1757482"},{"name":"RHSA-2018:2721","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:2721"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14635"},{"name":"RHSA-2018:3792","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:3792"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://git.openstack.org/cgit/openstack/neutron/commit/?id=54aa6e81cb17b33ce4d5d469cc11dec2869c762d"}]}]},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2018-14635","datePublished":"2018-09-10T19:00:00.000Z","dateReserved":"2018-07-27T00:00:00.000Z","dateUpdated":"2024-08-05T09:38:12.947Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}