CVE-2018-14635: Improper Input Validation
(updated )
When using the Linux bridge ml2
driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside the allowed allocation pool.
References
Detect and mitigate CVE-2018-14635 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →