Bug 2212960 (CVE-2023-6110) - CVE-2023-6110 openstack: deleting a non existing access rule deletes another existing access rule in it's scope
Summary: CVE-2023-6110 openstack: deleting a non existing access rule deletes another ...
Keywords:
Status: NEW
Alias: CVE-2023-6110
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2209607 2212962 2212963 2212964 2245163 2279562
Blocks: 2209139
TreeView+ depends on / blocked
 
Reported: 2023-06-06 18:08 UTC by Anten Skrabec
Modified: 2024-05-22 20:35 UTC (History)
14 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:2737 0 None None None 2024-05-22 20:35:30 UTC
Red Hat Product Errata RHSA-2024:2769 0 None None None 2024-05-22 20:11:07 UTC

Description Anten Skrabec 2023-06-06 18:08:34 UTC
When a user tries to delete a non existing access rule under it's scope, it deletes by accident it's other existing access rule which are not associated with any application credentials, under his scope.

Comment 5 Salvatore Bonaccorso 2024-02-13 07:06:46 UTC
(In reply to Anten Skrabec from comment #0)
> When a user tries to delete a non existing access rule under it's scope, it
> deletes by accident it's other existing access rule which are not associated
> with any application credentials, under his scope.

Is there any more information on the exact issue, is it reported/known upstream?

Comment 7 errata-xmlrpc 2024-05-22 20:11:05 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 17.1 for RHEL 8

Via RHSA-2024:2769 https://access.redhat.com/errata/RHSA-2024:2769

Comment 8 errata-xmlrpc 2024-05-22 20:35:28 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 17.1 for RHEL 9

Via RHSA-2024:2737 https://access.redhat.com/errata/RHSA-2024:2737


Note You need to log in before you can comment on or make changes to this bug.