Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group rules are applied.
References
Configurations
Configuration 1 (hide)
|
History
13 Feb 2023, 00:52
Type | Values Removed | Values Added |
---|---|---|
Summary | Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group rules are applied. | |
References |
|
02 Feb 2023, 16:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | A race-condition flaw leading to ACL bypass was discovered in OpenStack Networking (neutron). An authenticated user could change the owner of a port after it was created but before firewall rules were applied, thus preventing firewall control checks from occurring. All OpenStack Networking deployments that used either the ML2 plug-in or a plug-in that relied on the security groups AMQP API were affected. |
Information
Published : 2015-10-27 16:59
Updated : 2023-12-10 11:46
NVD link : CVE-2015-5240
Mitre link : CVE-2015-5240
CVE.ORG link : CVE-2015-5240
JSON object : View
Products Affected
openstack
- neutron
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')