[OSSA-2024-005] Neutron: Authorization bypassed when setting tags on Neutron networks (CVE-2024-53916)

[Jay Faulkner <jay () jvf cc>]

===========================================================================
OSSA-2024-005: Authorization bypassed when setting tags on Neutron networks
===========================================================================

:Date: December 03, 2024
:CVE: CVE-2024-53916


Affects
~~~~~~~
- Neutron: >=23.0.0 <23.2.1, >=24.0.0 <24.0.2, >=25.0.0 <25.0.1


Description
~~~~~~~~~~~
Tore Anderson of Redpill Linpro AS discovered that Neutron does not apply
the proper policy check for changing network tags. An unprivileged tenant
is able to change (add and clear) tags on network objects which do not
belong to the tenant, and this action is not being subjected to the
proper policy authorization check.


Patches
~~~~~~~
-https://review.opendev.org/c/openstack/neutron/+/936849 (2023.2/bobcat)
-https://review.opendev.org/c/openstack/neutron/+/936846 (2024.1/caracal)
-https://review.opendev.org/c/openstack/neutron/+/936843 (2024.2/dalmatian)
-https://review.opendev.org/c/openstack/neutron/+/935883 (2025.1/epoxy)


Credits
~~~~~~~
- Tore Anderson from Redpill Linpro AS (C, V, E, -, 2, 0, 2, 4, -, 5, 3, 9, 1, 6)


References
~~~~~~~~~~
-https://launchpad.net/bugs/2088986
-http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53916


--
Jay Faulkner
OpenStack VMT


Note: Apologies; sent the previous notification without GPG signature from the wrong email account.

Attachment: OpenPGP_0x6B75D939B424C6D4.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature