MEDIUM 6.5

GHSA-r3jh-qhgj-gvr8

Denial of service in neutron

Details

An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / neutron

Introduced in: 0

No fixed version published yet for neutron (pip). Pin to a known-safe version or switch to an alternative.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-3637 [ADVISORY]
https://access.redhat.com/errata/RHSA-2023:4283 [WEB]
https://access.redhat.com/security/cve/CVE-2023-3637 [WEB]
https://bugzilla.redhat.com/show_bug.cgi?id=2222270 [WEB]