CVE-2023-3637 Openstack-neutron: unrestricted creation of security groups (fix for cve-2022-3277)

🗓️ 25 Jul 2023 12:47:31Reported by redhatType

Openstack-neutron flaw allows unrestricted security group creatio

Reporter	Title	Published	Views	Family All 24
Circl	CVE-2023-3637	25 Jul 202316:26	–	circl
CNNVD	OpenStack openstack-neutron 资源管理错误漏洞	25 Jul 202300:00	–	cnnvd
CVE	CVE-2023-3637	25 Jul 202312:47	–	cve
Debian CVE	CVE-2023-3637	25 Jul 202312:47	–	debiancve
EUVD	EUVD-2023-2132	3 Oct 202520:07	–	euvd
Github Security Blog	Denial of service in neutron	25 Jul 202315:30	–	github
NVD	CVE-2023-3637	25 Jul 202313:15	–	nvd
OSV	CVE-2023-3637	25 Jul 202313:15	–	osv
OSV	GHSA-R3JH-QHGJ-GVR8 Denial of service in neutron	25 Jul 202315:30	–	osv
OSV	RHSA-2023:4283 Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (openstack-neutron) security update	16 Sep 202412:31	–	osv

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 16.2",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "openstack-neutron",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "1:15.3.5-2.20230216175503.el8ost",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:openstack:16.2::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 13 (Queens) Operational Tools",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "openstack-neutron",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openstack-optools:13"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 16.1",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "openstack-neutron",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:openstack:16.1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 17.0",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "openstack-neutron",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:openstack:17.0"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 17.1",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "openstack-neutron",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:openstack:17.1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 18.0",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "openstack-neutron",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:openstack:18.0"
    ]
  }
]

Source	Link
access	www.access.redhat.com/security/cve/CVE-2023-3637
access	www.access.redhat.com/errata/RHSA-2023:4283
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

20 Nov 2025 17:39Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.14.3

EPSS0.0018

CWE-400