CVE-2022-3277

EUVD-2023-1125
An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 6.5 MEDIUM | NETWORK | LOW | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| CISA-ADP | ADP | 6.5 MEDIUM | NETWORK | LOW | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
EPSS Score
Percentile: 64%
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| openstack | neutron | 𝑥 < 18.6.0 |
| openstack | neutron | 19.0.0 ≤ 𝑥 < 19.5.0 |
| redhat | openstack_platform | 13.0 |
| redhat | openstack_platform | 16.1 |
| redhat | openstack_platform | 16.2 |

𝑥 = Vulnerable software versions
Debian Releases
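| Debian Product | Codename | Status |
|---|---|---|
| neutron | bookworm | no-dsa |
| neutron | bullseye | no-dsa |
| neutron | bullseye (security) | vulnerable |
| neutron | buster | no-dsa |
| neutron | sid | vulnerable |
| neutron | trixie | vulnerable |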
Ubuntu Releases
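| Ubuntu Product | Codename | Status | Fixed version |
|---|---|---|---|
| neutron | bionic | released | 2:12.1.1-0ubuntu8.1 |
| neutron | focal | released | 2:16.4.2-0ubuntu6.2 |
| neutron | jammy | released | 2:20.3.0-0ubuntu1.1 |
| neutron | kinetic | not-affected | |
| neutron | lunar | not-affected | |
| neutron | mantic | not-affected | |
| neutron | noble | not-affected | |
| neutron | trusty | ignored | |
| neutron | xenial | needs-triage | |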