Improper Check for Unusual or Exceptional Conditions
CVE-2024-53916
Summary
In the OpenStack Neutron package, `neutron/extensions/tagging.py` can use an incorrect ID during policy enforcement. As a result, it does not apply the proper policy check when network tags are changed. An unprivileged tenant can change (add and clear) tags on network objects that do not belong to that tenant, and the action is not subject to the proper policy authorization check. This issue affects versions 23.2.0, 24.x.x prior to 24.1.0, and 25.x.x prior to 25.1.0.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- NONE
- NONE
CWE-754 - Improper Check for Unusual or Exceptional Conditions
The software does not check, or incorrectly checks, for unusual or exceptional conditions that are not expected to occur frequently during day-to-day operation of the software.