{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35258?format=json","vulnerability_id":"VCID-jecq-8kqy-sfg8","summary":"When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3 and 11.0.5 are vulnerable.","aliases":[{"alias":"CVE-2018-14635"},{"alias":"GHSA-x634-34m9-96mp"},{"alias":"PYSEC-2018-93"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/11972?format=json","purl":"pkg:pypi/neutron@11.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1444-3h31-3kdv"},{"vulnerability":"VCID-69mn-brsx-xydy"},{"vulnerability":"VCID-p5ww-51mu-buf5"},{"vulnerability":"VCID-p6g8-396q-t7ck"},{"vulnerability":"VCID-t5sb-ghkg-zbb6"},{"vulnerability":"VCID-wa91-gzx6-h7gu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@11.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/11973?format=json","purl":"pkg:pypi/neutron@12.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1444-3h31-3kdv"},{"vulnerability":"VCID-69mn-brsx-xydy"},{"vulnerability":"VCID-p5ww-51mu-buf5"},{"vulnerability":"VCID-p6g8-396q-t7ck"},{"vulnerability":"VCID-t5sb-ghkg-zbb6"},{"vulnerability":"VCID-wa91-gzx6-h7gu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@12.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/22096?format=json","purl":"pkg:pypi/neutron@13.0.0.0b2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1444-3h31-3kdv"},{"vulnerability":"VCID-69mn-brsx-xydy"},{"vulnerability":"VCID-p6g8-396q-t7ck"},{"vulnerability":"VCID-wa91-gzx6-h7gu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@13.0.0.0b2"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/11961?format=json","purl":"pkg:pypi/neutron@0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1444-3h31-3kdv"},{"vulnerability":"VCID-69mn-brsx-xydy"},{"vulnerability":"VCID-jecq-8kqy-sfg8"},{"vulnerability":"VCID-p5ww-51mu-buf5"},{"vulnerability":"VCID-p6g8-396q-t7ck"},{"vulnerability":"VCID-t5sb-ghkg-zbb6"},{"vulnerability":"VCID-wa91-gzx6-h7gu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/11962?format=json","purl":"pkg:pypi/neutron@10.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1444-3h31-3kdv"},{"vulnerability":"VCID-69mn-brsx-xydy"},{"vulnerability":"VCID-jecq-8kqy-sfg8"},{"vulnerability":"VCID-mcet-nkj3-bug8"},{"vulnerability":"VCID-p5ww-51mu-buf5"},{"vulnerability":"VCID-p6g8-396q-t7ck"},{"vulnerability":"VCID-t5sb-ghkg-zbb6"},{"vulnerability":"VCID-wa91-gzx6-h7gu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@10.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/11963?format=json","purl":"pkg:pypi/neutron@10.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1444-3h31-3kdv"},{"vulnerability":"VCID-69mn-brsx-xydy"},{"vulnerability":"VCID-jecq-8kqy-sfg8"},{"vulnerability":"VCID-mcet-nkj3-bug8"},{"vulnerability":"VCID-p5ww-51mu-buf5"},{"vulnerability":"VCID-p6g8-396q-t7ck"},{"vulnerability":"VCID-t5sb-ghkg-zbb6"},{"vulnerability":"VCID-wa91-gzx6-h7gu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@10.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/11964?format=json","purl":"pkg:pypi/neutron@10.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1444-3h31-3kdv"},{"vulnerability":"VCID-69mn-brsx-xydy"},{"vulnerability":"VCID-jecq-8kqy-sfg8"},{"vulnerability":"VCID-mcet-nkj3-bug8"},{"vulnerability":"VCID-p5ww-51mu-buf5"},{"vulnerability":"VCID-p6g8-396q-t7ck"},{"vulnerability":"VCID-t5sb-ghkg-zbb6"},{"vulnerability":"VCID-wa91-gzx6-h7gu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@10.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/11965?format=json","purl":"pkg:pypi/neutron@11.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1444-3h31-3kdv"},{"vulnerability":"VCID-69mn-brsx-xydy"},{"vulnerability":"VCID-jecq-8kqy-sfg8"},{"vulnerability":"VCID-mcet-nkj3-bug8"},{"vulnerability":"VCID-p5ww-51mu-buf5"},{"vulnerability":"VCID-p6g8-396q-t7ck"},{"vulnerability":"VCID-t5sb-ghkg-zbb6"},{"vulnerability":"VCID-wa91-gzx6-h7gu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@11.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/11966?format=json","purl":"pkg:pypi/neutron@11.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1444-3h31-3kdv"},{"vulnerability":"VCID-69mn-brsx-xydy"},{"vulnerability":"VCID-jecq-8kqy-sfg8"},{"vulnerability":"VCID-mcet-nkj3-bug8"},{"vulnerability":"VCID-p5ww-51mu-buf5"},{"vulnerability":"VCID-p6g8-396q-t7ck"},{"vulnerability":"VCID-t5sb-ghkg-zbb6"},{"vulnerability":"VCID-wa91-gzx6-h7gu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@11.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/11967?format=json","purl":"pkg:pypi/neutron@11.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1444-3h31-3kdv"},{"vulnerability":"VCID-69mn-brsx-xydy"},{"vulnerability":"VCID-jecq-8kqy-sfg8"},{"vulnerability":"VCID-p5ww-51mu-buf5"},{"vulnerability":"VCID-p6g8-396q-t7ck"},{"vulnerability":"VCID-t5sb-ghkg-zbb6"},{"vulnerability":"VCID-wa91-gzx6-h7gu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@11.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/11968?format=json","purl":"pkg:pypi/neutron@12.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1444-3h31-3kdv"},{"vulnerability":"VCID-69mn-brsx-xydy"},{"vulnerability":"VCID-jecq-8kqy-sfg8"},{"vulnerability":"VCID-mcet-nkj3-bug8"},{"vulnerability":"VCID-p5ww-51mu-buf5"},{"vulnerability":"VCID-p6g8-396q-t7ck"},{"vulnerability":"VCID-t5sb-ghkg-zbb6"},{"vulnerability":"VCID-wa91-gzx6-h7gu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@12.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/11969?format=json","purl":"pkg:pypi/neutron@12.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1444-3h31-3kdv"},{"vulnerability":"VCID-69mn-brsx-xydy"},{"vulnerability":"VCID-jecq-8kqy-sfg8"},{"vulnerability":"VCID-mcet-nkj3-bug8"},{"vulnerability":"VCID-p5ww-51mu-buf5"},{"vulnerability":"VCID-p6g8-396q-t7ck"},{"vulnerability":"VCID-t5sb-ghkg-zbb6"},{"vulnerability":"VCID-wa91-gzx6-h7gu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@12.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/11970?format=json","purl":"pkg:pypi/neutron@12.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1444-3h31-3kdv"},{"vulnerability":"VCID-69mn-brsx-xydy"},{"vulnerability":"VCID-jecq-8kqy-sfg8"},{"vulnerability":"VCID-mcet-nkj3-bug8"},{"vulnerability":"VCID-p5ww-51mu-buf5"},{"vulnerability":"VCID-p6g8-396q-t7ck"},{"vulnerability":"VCID-t5sb-ghkg-zbb6"},{"vulnerability":"VCID-wa91-gzx6-h7gu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@12.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/11971?format=json","purl":"pkg:pypi/neutron@12.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1444-3h31-3kdv"},{"vulnerability":"VCID-69mn-brsx-xydy"},{"vulnerability":"VCID-jecq-8kqy-sfg8"},{"vulnerability":"VCID-p5ww-51mu-buf5"},{"vulnerability":"VCID-p6g8-396q-t7ck"},{"vulnerability":"VCID-t5sb-ghkg-zbb6"},{"vulnerability":"VCID-wa91-gzx6-h7gu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@12.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/22095?format=json","purl":"pkg:pypi/neutron@13.0.0.0b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1444-3h31-3kdv"},{"vulnerability":"VCID-69mn-brsx-xydy"},{"vulnerability":"VCID-jecq-8kqy-sfg8"},{"vulnerability":"VCID-mcet-nkj3-bug8"},{"vulnerability":"VCID-p6g8-396q-t7ck"},{"vulnerability":"VCID-wa91-gzx6-h7gu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@13.0.0.0b1"}],"references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2710","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2715","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2715"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2721","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2721"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3792","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3792"},{"reference_url":"https://bugs.launchpad.net/neutron/+bug/1757482","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.launchpad.net/neutron/+bug/1757482"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14635","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14635"},{"reference_url":"https://github.com/openstack/neutron","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openstack/neutron"},{"reference_url":"https://github.com/openstack/neutron/commit/54aa6e81cb17b33ce4d5d469cc11dec2869c762d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openstack/neutron/commit/54aa6e81cb17b33ce4d5d469cc11dec2869c762d"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2018-93.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2018-93.yaml"},{"reference_url":"https://git.openstack.org/cgit/openstack/neutron/commit/?id=54aa6e81cb17b33ce4d5d469cc11dec2869c762d","reference_id":"","reference_type":"","scores":[],"url":"https://git.openstack.org/cgit/openstack/neutron/commit/?id=54aa6e81cb17b33ce4d5d469cc11dec2869c762d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14635","reference_id":"CVE-2018-14635","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14635"},{"reference_url":"https://github.com/advisories/GHSA-x634-34m9-96mp","reference_id":"GHSA-x634-34m9-96mp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x634-34m9-96mp"}],"weaknesses":[{"cwe_id":20,"name":"Improper Input Validation","description":"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jecq-8kqy-sfg8"}