THREATINT
PUBLISHED

CVE-2023-6110

OpenStack: deleting a non-existing access rule deletes another existing access rule in its scope



Description

A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in its scope, it deletes other existing access rules that are not associated with any application credentials.

Reserved 2023-11-13 | Published 2024-11-17 | Updated 2024-12-05 | Assigner redhat


MEDIUM: 5.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Problem types

Improper Handling of Structural Elements

Product status

Default status
affected

0:5.5.2-17.1.20230829213816.el8ost before *
unaffected

Default status
affected

0:5.5.2-17.1.20230829210830.el9ost before *
unaffected

Default status
affected

Default status
affected

Default status
unknown

Default status
affected

Timeline

2023-06-05: Reported to Red Hat.
2024-01-24: Made public.

References

access.redhat.com/errata/RHSA-2024:2737 (RHSA-2024:2737) vendor-advisory

access.redhat.com/errata/RHSA-2024:2769 (RHSA-2024:2769) vendor-advisory

access.redhat.com/security/cve/CVE-2023-6110 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2212960 (RHBZ#2212960) issue-tracking

code.engineering.redhat.com/...b2cd2b56e73724110710a68d58abf

review.opendev.org/...nstack/python-openstackclient/+/888697

cve.org (CVE-2023-6110)

nvd.nist.gov (CVE-2023-6110)
