CVE-2023-6110

EUVD-2024-3179
A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
redhatCNA
5.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Debian logo
Debian Releases
Debian Product
Codename
python-openstackclient
bookworm
no-dsa
bullseye
no-dsa
buster
not-affected
sid
6.6.0-5
fixed
trixie
6.6.0-5
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python-openstackclient
bionic
needs-triage
focal
Fixed 5.2.0-0ubuntu1.20.04.2
released
jammy
Fixed 5.8.0-0ubuntu1.1
released
mantic
not-affected
noble
not-affected
oracular
not-affected
trusty
ignored
xenial
needs-triage
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2024:2737
https://access.redhat.com/errata/RHSA-2024:2769
https://access.redhat.com/security/cve/CVE-2023-6110
https://bugzilla.redhat.com/show_bug.cgi?id=2212960
https://code.engineering.redhat.com/gerrit/gitweb?p=python-openstackclient.git;a=commit;h=7a7c364bdd7b2cd2b56e73724110710a68d58abf
https://review.opendev.org/c/openstack/python-openstackclient/+/888697