Openstack-neutron: unrestricted creation of security groups (fix for cve-2022-3277)
CVE-2023-3637
4.3MEDIUM
Key Information:
- Vendor
- Red Hat
- Status
- Vendor
- CVE Published:
- 25 July 2023
Summary
An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.
Affected Version(s)
Red Hat OpenStack Platform 16.2 1:15.3.5-2.20230216175503.el8ost
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database