CVE-2024-53916: OpenStack Neutron can use an incorrect ID during policy enforcement
In OpenStack Neutron through 25.0.0, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. NOTE: 935883 has the “Work in Progress” status as of 2024-11-24.
References
- github.com/advisories/GHSA-f27h-g923-68hw
- github.com/openstack/neutron
- github.com/openstack/neutron/blob/363ffa6e9e1ab5968f87d45bc2f1cb6394f48b9f/neutron/extensions/tagging.py
- nvd.nist.gov/vuln/detail/CVE-2024-53916
- review.opendev.org/c/openstack/neutron/+/935883
- review.opendev.org/q/project:openstack/neutron
- security.openstack.org/ossa/OSSA-2024-005.html