2212960 – (CVE-2023-6110) CVE-2023-6110 openstack: deleting a non existing access rule deletes another existing access rule in it's scope

Bug 2212960 (CVE-2023-6110) - CVE-2023-6110 openstack: deleting a non existing access rule deletes another existing access rule in it's scope

Summary: CVE-2023-6110 openstack: deleting a non existing access rule deletes another ...

Keywords:
Status:	NEW
Alias:	CVE-2023-6110
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2209607 2279562 2212962 2212963 2212964 2245163
Blocks:	2209139
TreeView+	depends on / blocked

Reported:	2023-06-06 18:08 UTC by Anten Skrabec
Modified:	2024-05-07 13:20 UTC (History)
CC List:	14 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Anten Skrabec 2023-06-06 18:08:34 UTC

When a user tries to delete a non existing access rule under it's scope, it deletes by accident it's other existing access rule which are not associated with any application credentials, under his scope.

Comment 5 Salvatore Bonaccorso 2024-02-13 07:06:46 UTC

(In reply to Anten Skrabec from comment #0)
> When a user tries to delete a non existing access rule under it's scope, it
> deletes by accident it's other existing access rule which are not associated
> with any application credentials, under his scope.

Is there any more information on the exact issue, is it reported/known upstream?

Comment 6 Anten Skrabec 2024-02-13 20:25:28 UTC

@Carnil
i've added them as external references but will copy below:
https://code.engineering.redhat.com/gerrit/gitweb?p=python-openstackclient.git;a=commit;h=7a7c364bdd7b2cd2b56e73724110710a68d58abf
https://review.opendev.org/c/openstack/python-openstackclient/+/888697

Note You need to log in before you can comment on or make changes to this bug.