CVE-2023-6110 MEDIUM

CVE-2023-6110: Openstack: deleting a non existing access rule deletes another existing access rule in it's scope

Vendor Red Hat
Product Red Hat OpenStack Platform 16.1
Weakness CWE-237
Published November 17, 2024
Last update December 5, 2024

CVSS base score

5.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials.

Key dates

02Disclosure timeline

November 17, 2024 CVE published
December 5, 2024 Record updated