cvedb.io
CVE-2018-14635
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2018-09-10T19:29:00.313 · Last modified 2026-06-17T01:41:20.640

Summary

When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3 and 11.0.5 are vulnerable.

Affected products

redhat — openstack

Does this affect you?

Add your gear to cvedb and we'll alert you only when redhat ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.