MEDIUM 5.5
PYSEC-2026-1853
OpenStack improperly deletes access rules
Details
A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / python-openstackclient
Introduced in:
0 Fixed in: 6.3.0 Fix
pip install --upgrade 'python-openstackclient>=6.3.0' References
- https://nvd.nist.gov/vuln/detail/CVE-2023-6110 [ADVISORY]
- https://github.com/openstack/python-openstackclient/commit/bc60e3bb908a7f10c87993d791184bfe46784d6c [WEB]
- https://access.redhat.com/errata/RHSA-2024:2737 [WEB]
- https://access.redhat.com/errata/RHSA-2024:2769 [WEB]
- https://access.redhat.com/security/cve/CVE-2023-6110 [WEB]
- https://bugzilla.redhat.com/show_bug.cgi?id=2212960 [WEB]
- https://code.engineering.redhat.com/gerrit/gitweb?p=python-openstackclient.git;a=commit;h=7a7c364bdd7b2cd2b56e73724110710a68d58abf [WEB]
- https://github.com/openstack/python-openstackclient [PACKAGE]
- https://review.opendev.org/c/openstack/python-openstackclient/+/888697 [WEB]
- https://pypi.org/project/python-openstackclient [PACKAGE]
- https://github.com/advisories/GHSA-2ppf-2m6f-6v6f [ADVISORY]