CVE-2024-53916

CVE-2024-53916 is a high-severity vulnerability with a CVSS 3.x base score of 7.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-754.

Key facts

Description

In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change (add and clear) tags on network objects that do not belong to the tenant, and this action is not subjected to the proper policy authorization check. This affects 23 before 23.2.1, 24 before 24.0.2, and 25 before 25.0.1.

Frequently asked questions

What is CVE-2024-53916?
In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change (add and clear) tags on network objects that do not belong to the tenant, and this action is not subjected to the proper policy authorization check. This affects 23 before 23.2.1, 24 before 24.0.2, and 25 before 25.0.1.
How severe is CVE-2024-53916?
CVE-2024-53916 has a CVSS 3.x base score of 7.5, rated high severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity high, and availability none.
Is CVE-2024-53916 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (49th percentile), an estimate of the probability of exploitation in the next 30 days.
How do I fix CVE-2024-53916?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
Does CVE-2024-53916 have an EU (EUVD) identifier?
Yes. CVE-2024-53916 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2024-3352.
When was CVE-2024-53916 published?
CVE-2024-53916 was published on 2024-11-25 and last updated on 2026-06-17.

References

Other CWE-754 (Improper Check for Unusual or Exceptional Conditions) vulnerabilities

Browse all CWE-754 (Improper Check for Unusual or Exceptional Conditions) vulnerabilities →