CVE-2023-6110 | THREATINT

Description

A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials.

PUBLISHED Reserved 2023-11-13 | Published 2024-11-17 | Updated 2024-12-05 | Assigner redhat

MEDIUM: 5.5CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Problem types

Improper Handling of Structural Elements

Product status

Default status

affected

0:5.5.2-17.1.20230829213816.el8ost (rpm) before *

unaffected

Default status

affected

0:5.5.2-17.1.20230829210830.el9ost (rpm) before *

unaffected

Default status

affected

Default status

affected

Default status

unknown

Default status

affected

Timeline

2023-06-05:	Reported to Red Hat.
2024-01-24:	Made public.

References

access.redhat.com/errata/RHSA-2024:2737 (RHSA-2024:2737) vendor-advisory

access.redhat.com/errata/RHSA-2024:2769 (RHSA-2024:2769) vendor-advisory

access.redhat.com/security/cve/CVE-2023-6110 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2212960 (RHBZ#2212960) issue-tracking

code.engineering.redhat.com/...b2cd2b56e73724110710a68d58abf

review.opendev.org/...nstack/python-openstackclient/+/888697

cve.org (CVE-2023-6110)

nvd.nist.gov (CVE-2023-6110)