Scope Deletion Vulnerability Affects OpenStack Security
CVE-2023-6110

5.5MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Openstack Platform 17.1 For Rhel 8; Red Hat Openstack Platform 17.1 For Rhel 9; Red Hat Openstack Platform 16.1; Red Hat Openstack Platform 16.2
Vendor: CVE Published:; 17 November 2024

Summary

A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials.

Affected Version(s)

Red Hat OpenStack Platform 17.1 for RHEL 8 0:5.5.2-17.1.20230829213816.el8ost

Red Hat OpenStack Platform 17.1 for RHEL 9 0:5.5.2-17.1.20230829210830.el9ost

References

https://access.redhat.com/errata/RHSA-2024:2737

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2024:2769

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/security/cve/CVE-2023-6110

vdb-entryx_refsource_REDHAT

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 17, 2024