CVE-2023-6110: Openstack: deleting a non existing access rule deletes another existing access rule in it's scope

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-6110

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Openstack: deleting a non existing access rule deletes another existing access rule in it's scope

Source: NVD (National Vulnerability Database)

Vulnerability Description

A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

结构体元素处理不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

OpenStack 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

OpenStack是美国美国国家航空航天局（NASA）的一个云平台管理项目。 OpenStack存在安全漏洞，该漏洞源于当用户尝试删除其范围内不存在的访问规则时，它会删除与任何应用程序凭据无关的其他现有访问规则。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
Red Hat	Red Hat OpenStack Platform 17.1 for RHEL 8	0:5.5.2-17.1.20230829213816.el8ost ~ *	`cpe:/a:redhat:openstack:17.1::el8`
Red Hat	Red Hat OpenStack Platform 17.1 for RHEL 9	0:5.5.2-17.1.20230829210830.el9ost ~ *	`cpe:/a:redhat:openstack:17.1::el9`
Red Hat	Red Hat OpenStack Platform 16.1	-	`cpe:/a:redhat:openstack:16.1`
Red Hat	Red Hat OpenStack Platform 16.2	-	`cpe:/a:redhat:openstack:16.2`
Red Hat	Red Hat OpenStack Platform 17.0	-	`cpe:/a:redhat:openstack:17.0`
Red Hat	Red Hat OpenStack Platform 18.0	-	`cpe:/a:redhat:openstack:18.0`

II. Public POCs for CVE-2023-6110

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-6110

Please Login to view more intelligence information

https://access.redhat.com/security/cve/CVE-2023-6110vdb-entryx_refsource_REDHAT
https://code.engineering.redhat.com/gerrit/gitweb?p=python-openstackclient.git;a=commit;h=7a7c364bdd7b2cd2b56e73724110710a68d58abf
https://access.redhat.com/errata/RHSA-2024:2737vendor-advisoryx_refsource_REDHAT
https://nvd.nist.gov/vuln/detail/CVE-2023-6110

IV. Related Vulnerabilities

Same product: Red Hat OpenStack Platform 17.1 for RHEL 8

CVE-2023-6725
Tripleo-ansible: bind keys are world readable

Same vendor: Red Hat

Same weakness: CWE-237

V. Comments for CVE-2023-6110

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2023-6110

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-6110

III. Intelligence Information for CVE-2023-6110

IV. Related Vulnerabilities

V. Comments for CVE-2023-6110

Leave a comment