CVE-2022-3277

2023-03-0623:15:10

CWE-400

[email protected]

web.nvd.nist.gov

cve-2022-3277

openstack-neutron

remote authenticated user

security groups

denial of service

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.9%

JSON

An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user’s quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.

Affected configurations

Vulners

NVD

Node

openstackneutron

openstackneutronRange≤16.1

openstackneutronRange≤16.2

VendorProductVersionCPE
openstackneutron*cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*
openstackneutron*cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*
openstackneutron*cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openstack	neutron	*	cpe:2.3:a:openstack:neutron::::::::
openstack	neutron	*	cpe:2.3:a:openstack:neutron::::::::
openstack	neutron	*	cpe:2.3:a:openstack:neutron::::::::

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "openstack-neutron",
    "versions": [
      {
        "version": "As shipped with Red Hat Openstack 13, 16.1, and 16.2",
        "status": "affected"
      }
    ]
  }
]