CVE-2023-6110
MEDIUMDescription
A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials.
CVSS v3.1 Score
5.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Weakness Type (CWE)
CWE-237
CWE-237
References
Other References
https://access.redhat.com/errata/RHSA-2024:2737
https://access.redhat.com/errata/RHSA-2024:2769
https://access.redhat.com/security/cve/CVE-2023-6110
https://bugzilla.redhat.com/show_bug.cgi?id=2212960
https://code.engineering.redhat.com/gerrit/gitweb?p=python-openstackclient.git;a=commit;h=7a7c364bdd7b2cd2b56e73724110710a68d58abf
https://review.opendev.org/c/openstack/python-openstackclient/+/888697
Frequently Asked Questions
What is CVE-2023-6110? +
A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials. It has a CVSS v3.1 base score of 5.5 (MEDIUM).
How severe is CVE-2023-6110? +
CVE-2023-6110 has a CVSS v3.1 score of 5.5 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.
How do I check if I'm vulnerable to CVE-2023-6110? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.