CVE-2024-53916
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
OpenStack Neutron can use an incorrect ID during policy enforcement
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2024-53916
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 0 |
| debian | bullseye | fixed | 0 |
| debian | forky | fixed | 2:25.0.0-2 |
| debian | sid | fixed | 2:25.0.0-2 |
| debian | trixie | fixed | 2:25.0.0-2 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-53916
- https://github.com/openstack/neutron
- https://github.com/openstack/neutron/blob/363ffa6e9e1ab5968f87d45bc2f1cb6394f48b9f/neutron/extensions/tagging.py#L138-L232
- https://review.opendev.org/c/openstack/neutron/+/935883
- https://review.opendev.org/q/project:openstack/neutron
- https://security.openstack.org/ossa/OSSA-2024-005.html
- http://www.openwall.com/lists/oss-security/2024/12/03/1
- https://security-tracker.debian.org/tracker/CVE-2024-53916