CVE-2018-14635
Published:September 10, 2018
Updated:May 17, 2026
When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3 and 11.0.5 are vulnerable.
Affected Packages
neutron (PYTHON):
Affected version(s) =13.0.0.0b1 <13.0.0.0b2Fix Suggestion:
Update to version 13.0.0.0b2neutron (PYTHON):
Affected version(s) >=12.0.0 <12.0.4Fix Suggestion:
Update to version 12.0.4neutron (PYTHON):
Affected version(s) >=0.0 <11.0.6Fix Suggestion:
Update to version 11.0.6Related Resources (11)
Do you need more information?
Contact UsCVSS v4
Base Score:
7.1
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
Weakness Type (CWE)
Improper Input Validation
EPSS
Base Score:
0.31