CVE-2022-3277

An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
redhatCNA
---
---
CVEADP
---
---
CISA-ADPADP
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
VendorProductVersion
openstackneutron
𝑥
< 18.6.0
openstackneutron
19.0.0 ≤
𝑥
< 19.5.0
redhatopenstack_platform
13.0
redhatopenstack_platform
16.1
redhatopenstack_platform
16.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
neutron
bullseye (security)
vulnerable
bullseye
no-dsa
bookworm
no-dsa
buster
no-dsa
sid
vulnerable
trixie
vulnerable
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
neutron
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
Fixed 2:20.3.0-0ubuntu1.1
released
focal
Fixed 2:16.4.2-0ubuntu6.2
released
bionic
Fixed 2:12.1.1-0ubuntu8.1
released
xenial
needs-triage
trusty
ignored