CVE-2024-53916
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Nov 25, 2024
Updated: Dec 4, 2024
Summary
CVE-2024-53916 is a vulnerability affecting OpenStack Neutron versions before 25.0.1. In the neutron/extensions/tagging.py component, an incorrect ID is used during policy enforcement, bypassing the proper policy check for changing network tags. This issue permits an unprivileged tenant to modify tags on network objects that do not belong to their tenant, without undergoing the necessary policy authorization checks. This vulnerability exists in Neutron versions 23 before 23.2.1, 24 before 24.0.2, and 25 before 25.0.1.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share