USN-2194-1: OpenStack Neutron vulnerability
5 May 2014
OpenStack Neutron would allow unintended access to other tenant networks.
- neutron - Openstack Virtual Network Service
Aaron Rosen discovered that OpenStack Neutron did not properly perform
authorization checks when creating ports when using plugins relying on the
l3-agent. A remote authenticated attacker could exploit this to access the
network of other tenants.