Skip to main content

Openstack Platform CVE-2023-3637

MEDIUM
Uncontrolled Resource Consumption (CWE-400)
2023-07-25 secalert@redhat.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 25, 2023 - 13:15 nvd
MEDIUM 6.5

DescriptionNVD

An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.

AnalysisAI

An uncontrolled resource consumption flaw was found in openstack-neutron. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400), which allows attackers to cause denial of service by exhausting system resources. An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service. Affected products include: Redhat Openstack Platform.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement rate limiting, set resource quotas, validate input sizes, use timeouts.

CVE-2023-48795 MEDIUM POC
5.9 Dec 18

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot

CVE-2022-2132 HIGH POC
8.6 Aug 31

A permissive list of allowed inputs flaw was found in DPDK. Rated high severity (CVSS 8.6), this vulnerability is remote

CVE-2022-2447 MEDIUM POC
6.6 Sep 01

A flaw was found in Keystone. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public explo

CVE-2020-25658 MEDIUM POC
5.9 Nov 12

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. Rated medium severity (CVSS 5.9), this vuln

CVE-2020-10731 CRITICAL
9.9 Jul 31

A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SEL

CVE-2023-1625 MEDIUM POC
5.0 Sep 24

An information leak was discovered in OpenStack heat. Rated medium severity (CVSS 5.0), this vulnerability is remotely e

CVE-2022-0718 MEDIUM POC
4.9 Aug 29

A flaw was found in python-oslo-utils. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low

CVE-2017-15114 HIGH
8.1 Nov 27

When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same ce

CVE-2023-1668 HIGH
8.2 Apr 10

A flaw was found in openvswitch (OVS). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no au

CVE-2024-8007 HIGH
8.1 Aug 21

A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. Rated hig

CVE-2022-23451 HIGH
8.1 Sep 06

An authorization flaw was found in openstack-barbican. Rated high severity (CVSS 8.1), this vulnerability is remotely ex

CVE-2023-5625 HIGH
7.5 Nov 01

A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, r

Share

CVE-2023-3637 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy