{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6110", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-11-13T19:27:25.305Z", "datePublished": "2024-11-17T10:22:34.776Z", "dateUpdated": "2024-12-05T20:30:27.043Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": ["cpe:/a:redhat:openstack:17.1::el8"], "defaultStatus": "affected", "packageName": "python-openstackclient", "product": "Red Hat OpenStack Platform 17.1 for RHEL 8", "vendor": "Red Hat", "versions": [{"lessThan": "*", "status": "unaffected", "version": "0:5.5.2-17.1.20230829213816.el8ost", "versionType": "rpm"}]}, {"collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": ["cpe:/a:redhat:openstack:17.1::el9"], "defaultStatus": "affected", "packageName": "python-openstackclient", "product": "Red Hat OpenStack Platform 17.1 for RHEL 9", "vendor": "Red Hat", "versions": [{"lessThan": "*", "status": "unaffected", "version": "0:5.5.2-17.1.20230829210830.el9ost", "versionType": "rpm"}]}, {"collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": ["cpe:/a:redhat:openstack:16.1"], "defaultStatus": "affected", "packageName": "openstack-keystone", "product": "Red Hat OpenStack Platform 16.1", "vendor": "Red Hat"}, {"collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": ["cpe:/a:redhat:openstack:16.2"], "defaultStatus": "affected", "packageName": "openstack-keystone", "product": "Red Hat OpenStack Platform 16.2", "vendor": "Red Hat"}, {"collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": ["cpe:/a:redhat:openstack:17.0"], "defaultStatus": "unknown", "packageName": "openstack-keystone", "product": "Red Hat OpenStack Platform 17.0", "vendor": "Red Hat"}, {"collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": ["cpe:/a:redhat:openstack:18.0"], "defaultStatus": "affected", "packageName": "openstack-keystone", "product": "Red Hat OpenStack Platform 18.0", "vendor": "Red Hat"}], "datePublic": "2024-01-24T00:00:00+00:00", "descriptions": [{"lang": "en", "value": "A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials."}], "metrics": [{"other": {"content": {"namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS"}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-12-05T20:30:27.043Z"}, "references": [{"name": "RHSA-2024:2737", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2024:2737"}, {"name": "RHSA-2024:2769", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2024:2769"}, {"tags": ["vdb-entry", "x_refsource_REDHAT"], "url": "https://access.redhat.com/security/cve/CVE-2023-6110"}, {"name": "RHBZ#2212960", "tags": ["issue-tracking", "x_refsource_REDHAT"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2212960"}, {"url": "https://code.engineering.redhat.com/gerrit/gitweb?p=python-openstackclient.git;a=commit;h=7a7c364bdd7b2cd2b56e73724110710a68d58abf"}, {"url": "https://review.opendev.org/c/openstack/python-openstackclient/+/888697"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-237", "description": "Improper Handling of Structural Elements", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-237: Improper Handling of Structural Elements", "timeline": [{"lang": "en", "time": "2023-06-05T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-01-24T00:00:00+00:00", "value": "Made public."}], "title": "Openstack: deleting a non existing access rule deletes another existing access rule in it's scope"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-17T16:17:28.263809Z", "id": "CVE-2023-6110", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-26T14:38:40.898Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-6110", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-17T16:17:28.263809Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-17T16:17:32.463Z"}}], "cna": {"title": "Openstack: deleting a non existing access rule deletes another existing access rule in it's scope", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"cpes": ["cpe:/a:redhat:openstack:17.1::el8"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 17.1 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:5.5.2-17.1.20230829213816.el8ost", "lessThan": "*", "versionType": "rpm"}], "packageName": "python-openstackclient", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:17.1::el9"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 17.1 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:5.5.2-17.1.20230829210830.el9ost", "lessThan": "*", "versionType": "rpm"}], "packageName": "python-openstackclient", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:16.1"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.1", "packageName": "openstack-keystone", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:16.2"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "packageName": "openstack-keystone", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:17.0"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 17.0", "packageName": "openstack-keystone", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/a:redhat:openstack:18.0"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 18.0", "packageName": "openstack-keystone", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2023-06-05T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-01-24T00:00:00+00:00", "value": "Made public."}], "datePublic": "2024-01-24T00:00:00+00:00", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:2737", "name": "RHSA-2024:2737", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2769", "name": "RHSA-2024:2769", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-6110", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2212960", "name": "RHBZ#2212960", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://code.engineering.redhat.com/gerrit/gitweb?p=python-openstackclient.git;a=commit;h=7a7c364bdd7b2cd2b56e73724110710a68d58abf"}, {"url": "https://review.opendev.org/c/openstack/python-openstackclient/+/888697"}], "descriptions": [{"lang": "en", "value": "A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-237", "description": "Improper Handling of Structural Elements"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-12-05T20:30:27.043Z"}, "x_redhatCweChain": "CWE-237: Improper Handling of Structural Elements"}}, "cveMetadata": {"cveId": "CVE-2023-6110", "state": "PUBLISHED", "dateUpdated": "2024-12-05T20:30:27.043Z", "dateReserved": "2023-11-13T19:27:25.305Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-11-17T10:22:34.776Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en OpenStack. Cuando un usuario intenta eliminar una regla de acceso inexistente en su \u00e1mbito, elimina otras reglas de acceso existentes que no est\u00e1n asociadas con ninguna credencial de aplicaci\u00f3n."}], "id": "CVE-2023-6110", "lastModified": "2024-12-05T21:15:07.010", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.4, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-11-17T11:15:06.097", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:2737"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:2769"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2023-6110"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2212960"}, {"source": "secalert@redhat.com", "url": "https://code.engineering.redhat.com/gerrit/gitweb?p=python-openstackclient.git;a=commit;h=7a7c364bdd7b2cd2b56e73724110710a68d58abf"}, {"source": "secalert@redhat.com", "url": "https://review.opendev.org/c/openstack/python-openstackclient/+/888697"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-237"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:2769", "cpe": "cpe:/a:redhat:openstack:17.1::el8", "package": "python-openstackclient-0:5.5.2-17.1.20230829213816.el8ost", "product_name": "Red Hat OpenStack Platform 17.1 for RHEL 8", "release_date": "2024-05-22T00:00:00Z"}, {"advisory": "RHSA-2024:2737", "cpe": "cpe:/a:redhat:openstack:17.1::el9", "package": "python-openstackclient-0:5.5.2-17.1.20230829210830.el9ost", "product_name": "Red Hat OpenStack Platform 17.1 for RHEL 9", "release_date": "2024-05-22T00:00:00Z"}], "bugzilla": {"description": "openstack: deleting a non existing access rule deletes another existing access rule in it's scope", "id": "2212960", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2212960"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "status": "verified"}, "cwe": "CWE-237", "details": ["A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials.", "A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials."], "name": "CVE-2023-6110", "package_state": [{"cpe": "cpe:/a:redhat:openstack:16.1", "fix_state": "Affected", "package_name": "openstack-keystone", "product_name": "Red Hat OpenStack Platform 16.1"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Affected", "package_name": "openstack-keystone", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:17.0", "fix_state": "Out of support scope", "package_name": "openstack-keystone", "product_name": "Red Hat OpenStack Platform 17.0"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Affected", "package_name": "openstack-keystone", "product_name": "Red Hat OpenStack Platform 18.0"}], "public_date": "2024-01-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-6110\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6110\nhttps://code.engineering.redhat.com/gerrit/gitweb?p=python-openstackclient.git;a=commit;h=7a7c364bdd7b2cd2b56e73724110710a68d58abf\nhttps://review.opendev.org/c/openstack/python-openstackclient/+/888697"], "threat_severity": "Moderate"}