CVE-2023-3637 MEDIUM

CVE-2023-3637: Openstack-neutron: unrestricted creation of security groups (fix for cve-2022-3277)

Vendor Red Hat

Product Red Hat OpenStack Platform 13 (Queens) Operational Tools

Weakness CWE-400

Published July 25, 2023

Last update November 20, 2025

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.

Key dates

02Disclosure timeline

July 25, 2023 CVE published

November 20, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-3637 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/400.html

Related vulnerabilities

Identifiers

CVE CVE-2023-3637

CWE CWE-400

CVSS 4.3 / MEDIUM

Affected versions

Vendor Red Hat

Product Red Hat OpenStack Platform 13 (Queens) Operational Tools

Affected All versions

Vendor Red Hat

Product Red Hat OpenStack Platform 16.1

Affected All versions

Vendor Red Hat

Product Red Hat OpenStack Platform 17.0

Affected All versions

Vendor Red Hat

Product Red Hat OpenStack Platform 17.1

Affected All versions

Vendor Red Hat

Product Red Hat OpenStack Platform 18.0

Affected All versions

CVE-2023-3637: Openstack-neutron: unrestricted creation of security groups (fix for cve-2022-3277)

01Description

02Disclosure timeline

03References

04Related CVE