{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6110", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-11-13T19:27:25.305Z", "datePublished": "2024-11-17T10:22:34.776Z", "dateUpdated": "2024-11-17T16:17:47.535Z"}, "containers": {"cna": {"title": "Openstack: deleting a non existing access rule deletes another existing access rule in it's scope", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 17.1 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "python-openstackclient", "defaultStatus": "affected", "versions": [{"version": "0:5.5.2-17.1.20230829213816.el8ost", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openstack:17.1::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 17.1 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "python-openstackclient", "defaultStatus": "affected", "versions": [{"version": "0:5.5.2-17.1.20230829210830.el9ost", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openstack:17.1::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.1", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openstack-keystone", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:16.1"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openstack-keystone", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:16.2"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 17.0", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openstack-keystone", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:openstack:17.0"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 18.0", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openstack-keystone", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:18.0"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:2737", "name": "RHSA-2024:2737", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2769", "name": "RHSA-2024:2769", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-6110", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2212960", "name": "RHBZ#2212960", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://code.engineering.redhat.com/gerrit/gitweb?p=python-openstackclient.git;a=commit;h=7a7c364bdd7b2cd2b56e73724110710a68d58abf"}, {"url": "https://review.opendev.org/c/openstack/python-openstackclient/+/888697"}], "datePublic": "2024-01-24T00:00:00+00:00", "timeline": [{"lang": "en", "time": "2023-06-05T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-01-24T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-11-17T10:22:34.776Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-17T16:17:28.263809Z", "id": "CVE-2023-6110", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-17T16:17:47.535Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en OpenStack. Cuando un usuario intenta eliminar una regla de acceso inexistente en su \u00e1mbito, elimina otras reglas de acceso existentes que no est\u00e1n asociadas con ninguna credencial de aplicaci\u00f3n."}], "id": "CVE-2023-6110", "lastModified": "2024-11-18T17:11:17.393", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.4, "source": "secalert@redhat.com", "type": "Primary"}]}, "published": "2024-11-17T11:15:06.097", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:2737"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:2769"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2023-6110"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2212960"}, {"source": "secalert@redhat.com", "url": "https://code.engineering.redhat.com/gerrit/gitweb?p=python-openstackclient.git;a=commit;h=7a7c364bdd7b2cd2b56e73724110710a68d58abf"}, {"source": "secalert@redhat.com", "url": "https://review.opendev.org/c/openstack/python-openstackclient/+/888697"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:2769", "cpe": "cpe:/a:redhat:openstack:17.1::el8", "package": "python-openstackclient-0:5.5.2-17.1.20230829213816.el8ost", "product_name": "Red Hat OpenStack Platform 17.1 for RHEL 8", "release_date": "2024-05-22T00:00:00Z"}, {"advisory": "RHSA-2024:2737", "cpe": "cpe:/a:redhat:openstack:17.1::el9", "package": "python-openstackclient-0:5.5.2-17.1.20230829210830.el9ost", "product_name": "Red Hat OpenStack Platform 17.1 for RHEL 9", "release_date": "2024-05-22T00:00:00Z"}], "bugzilla": {"description": "openstack: deleting a non existing access rule deletes another existing access rule in it's scope", "id": "2212960", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2212960"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "status": "verified"}, "details": ["A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials."], "name": "CVE-2023-6110", "package_state": [{"cpe": "cpe:/a:redhat:openstack:16.1", "fix_state": "Affected", "package_name": "openstack-keystone", "product_name": "Red Hat OpenStack Platform 16.1"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Affected", "package_name": "openstack-keystone", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:17.0", "fix_state": "Out of support scope", "package_name": "openstack-keystone", "product_name": "Red Hat OpenStack Platform 17.0"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Affected", "package_name": "openstack-keystone", "product_name": "Red Hat OpenStack Platform 18.0"}], "public_date": "2024-01-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-6110\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6110\nhttps://code.engineering.redhat.com/gerrit/gitweb?p=python-openstackclient.git;a=commit;h=7a7c364bdd7b2cd2b56e73724110710a68d58abf\nhttps://review.opendev.org/c/openstack/python-openstackclient/+/888697"], "threat_severity": "Moderate"}