CVE-2023-6110

Summary

A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat OpenStack Platform 17.1 for RHEL 80:5.5.2-17.1.20230829213816.el8ost < *unaffected
Red HatRed Hat OpenStack Platform 17.1 for RHEL 90:5.5.2-17.1.20230829210830.el9ost < *unaffected

Weaknesses

  • CWE-237: Improper Handling of Structural Elements

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References