CVE-2023-6110 Openstack: deleting a non existing access rule deletes another existing access rule in it's scope

🗓️ 17 Nov 2024 10:22:34Reported by redhatType

Flaw in Openstack deleting non-existing access rule deletes other existing rule

Reporter	Title	Published	Views	Family All 34
ATTACKERKB	CVE-2023-6110	17 Nov 202411:15	–	attackerkb
BDU FSTEC	The vulnerability of the Access Rule Handler component in the cloud service platform of Red Hat OpenStack Platform allows a malicious actor to perform a denial-of-service attack.	25 Nov 202400:00	–	bdu_fstec
Circl	CVE-2023-6110	25 Jan 202421:41	–	circl
CNNVD	OpenStack Security Vulnerabilities	24 Jan 202400:00	–	cnnvd
CVE	CVE-2023-6110	17 Nov 202410:22	–	cve
Debian CVE	CVE-2023-6110	17 Nov 202410:22	–	debiancve
EUVD	EUVD-2024-3179	3 Oct 202520:07	–	euvd
Github Security Blog	OpenStack improperly deletes access rules	17 Nov 202412:30	–	github
NVD	CVE-2023-6110	17 Nov 202411:15	–	nvd
OpenVAS	Ubuntu: Security Advisory (USN-6668-1)	29 Feb 202400:00	–	openvas

[
  {
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "cpes": [
      "cpe:/a:redhat:openstack:17.1::el8"
    ],
    "defaultStatus": "affected",
    "packageName": "python-openstackclient",
    "product": "Red Hat OpenStack Platform 17.1 for RHEL 8",
    "vendor": "Red Hat",
    "versions": [
      {
        "lessThan": "*",
        "status": "unaffected",
        "version": "0:5.5.2-17.1.20230829213816.el8ost",
        "versionType": "rpm"
      }
    ]
  },
  {
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "cpes": [
      "cpe:/a:redhat:openstack:17.1::el9"
    ],
    "defaultStatus": "affected",
    "packageName": "python-openstackclient",
    "product": "Red Hat OpenStack Platform 17.1 for RHEL 9",
    "vendor": "Red Hat",
    "versions": [
      {
        "lessThan": "*",
        "status": "unaffected",
        "version": "0:5.5.2-17.1.20230829210830.el9ost",
        "versionType": "rpm"
      }
    ]
  },
  {
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "cpes": [
      "cpe:/a:redhat:openstack:16.1"
    ],
    "defaultStatus": "affected",
    "packageName": "openstack-keystone",
    "product": "Red Hat OpenStack Platform 16.1",
    "vendor": "Red Hat"
  },
  {
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "cpes": [
      "cpe:/a:redhat:openstack:16.2"
    ],
    "defaultStatus": "affected",
    "packageName": "openstack-keystone",
    "product": "Red Hat OpenStack Platform 16.2",
    "vendor": "Red Hat"
  },
  {
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "cpes": [
      "cpe:/a:redhat:openstack:17.0"
    ],
    "defaultStatus": "unknown",
    "packageName": "openstack-keystone",
    "product": "Red Hat OpenStack Platform 17.0",
    "vendor": "Red Hat"
  },
  {
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "cpes": [
      "cpe:/a:redhat:openstack:18.0"
    ],
    "defaultStatus": "affected",
    "packageName": "openstack-keystone",
    "product": "Red Hat OpenStack Platform 18.0",
    "vendor": "Red Hat"
  }
]

Source	Link
review	www.review.opendev.org/c/openstack/python-openstackclient/+/888697
access	www.access.redhat.com/errata/RHSA-2024:2737
access	www.access.redhat.com/security/cve/CVE-2023-6110
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/errata/RHSA-2024:2769
code	www.code.engineering.redhat.com/gerrit/gitweb

05 Dec 2024 20:30Current

CVSS 3.15.5

EPSS0.00493

CWE-237