CVE-2023-6725 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.6 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
redhat	CNA	6.6 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 10%

Vendor	Product	Version
redhat	openstack_platform	17.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

designate

bullseye	1:11.0.0-2 fixed
bookworm	1:15.0.0-4 fixed
sid	1:19.0.0-3 fixed
trixie	1:19.0.0-3 fixed

Ubuntu Releases

Ubuntu Product

Codename

designate

noble	not-affected
mantic	not-affected
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected

Common Weakness Enumeration

CWE-1220 - Insufficient Granularity of Access Control
The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.

References

https://access.redhat.com/errata/RHSA-2024:2736

https://access.redhat.com/errata/RHSA-2024:2770

https://access.redhat.com/security/cve/CVE-2023-6725

https://bugzilla.redhat.com/show_bug.cgi?id=2249273

https://access.redhat.com/errata/RHSA-2024:2736

https://access.redhat.com/errata/RHSA-2024:2770

https://access.redhat.com/security/cve/CVE-2023-6725

https://bugzilla.redhat.com/show_bug.cgi?id=2249273