Bug 2279562 - CVE-2023-6110 openstack-keystone: When a user tries to delete a non existing access rule, it deletes by accident another existing access rule in it's scope [openstack-17.1-rhel8-default]
Summary: CVE-2023-6110 openstack-keystone: When a user tries to delete a non existing ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: python-openstackclient
Version: 17.1 (Wallaby)
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: z3
: 17.1
Assignee: OSP Team
QA Contact: Nobody
URL:
Whiteboard:
Depends On: 2209607
Blocks: CVE-2023-6110
TreeView+ depends on / blocked
 
Reported: 2024-05-07 13:20 UTC by Miguel Garcia
Modified: 2024-05-22 20:11 UTC (History)
13 users (show)

Fixed In Version: python-openstackclient-5.5.2-17.1.20230829213816.el8ost
Doc Type: No Doc Update
Doc Text:
Clone Of: 2209607
Environment:
Last Closed: 2024-05-22 20:11:06 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker OSP-32059 0 None None None 2024-05-08 07:57:58 UTC
Red Hat Product Errata RHSA-2024:2769 0 None None None 2024-05-22 20:11:10 UTC

Comment 7 MilanaLevy 2024-05-08 08:52:05 UTC 
verified on 17.1-rhel9 and patch is present in the rhel8 build
Comment 14 errata-xmlrpc 2024-05-22 20:11:06 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Red Hat OpenStack Platform 17.1 (python-openstackclient) security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2024:2769
Note You need to log in before you can comment on or make changes to this bug.