CVE-2023-6110: OpenStack improperly deletes access rules
A flaw was found in OpenStack. When a user tries to delete a non-existent access rule in its scope, it deletes other existing access rules that are not associated with any application credentials.
References
- access.redhat.com/errata/RHSA-2024:2737
- access.redhat.com/errata/RHSA-2024:2769
- access.redhat.com/security/cve/CVE-2023-6110
- bugzilla.redhat.com/show_bug.cgi?id=2212960
- code.engineering.redhat.com/gerrit/gitweb?p=python-openstackclient.git;a=commit;h=7a7c364bdd7b2cd2b56e73724110710a68d58abf
- github.com/advisories/GHSA-2ppf-2m6f-6v6f
- github.com/openstack/python-openstackclient
- github.com/openstack/python-openstackclient/commit/bc60e3bb908a7f10c87993d791184bfe46784d6c
- nvd.nist.gov/vuln/detail/CVE-2023-6110
- review.opendev.org/c/openstack/python-openstackclient/+/888697