GHSA-2ppf-2m6f-6v6f

Suggest an improvement
Source
https://github.com/advisories/GHSA-2ppf-2m6f-6v6f
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-2ppf-2m6f-6v6f/GHSA-2ppf-2m6f-6v6f.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-2ppf-2m6f-6v6f
Aliases
Published
2024-11-17T12:30:29Z
Modified
2024-12-05T22:25:31.369568Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L CVSS Calculator
Summary
OpenStack improperly deletes access rules
Details

A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials.

Database specific
{
    "nvd_published_at": "2024-11-17T11:15:06Z",
    "cwe_ids": [
        "CWE-237"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-11-18T20:08:25Z"
}
References

Affected packages

PyPI / python-openstackclient

Package

Name
python-openstackclient
View open source insights on deps.dev
Purl
pkg:pypi/python-openstackclient

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.3.0

Affected versions

0.*

0.1.51
0.2.0
0.2.1
0.2.2
0.3.0
0.3.1
0.4.0
0.4.1

1.*

1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.1.0
1.2.0
1.3.0
1.4.0
1.5.0
1.6.0
1.7.0
1.7.1
1.7.2
1.8.0
1.9.0

2.*

2.0.0
2.1.0
2.2.0
2.3.0
2.3.1
2.4.0
2.5.0
2.6.0

3.*

3.0.0
3.0.1
3.1.0
3.2.0
3.2.1
3.3.0
3.4.0
3.4.1
3.5.0
3.6.0
3.7.0
3.8.0
3.8.1
3.8.2
3.9.0
3.10.0
3.11.0
3.12.0
3.12.1
3.12.2
3.13.0
3.14.0
3.14.1
3.14.2
3.14.3
3.15.0
3.16.0
3.16.1
3.16.2
3.16.3
3.17.0
3.18.0
3.18.1
3.19.0

4.*

4.0.0
4.0.1
4.0.2

5.*

5.0.0
5.1.0
5.2.0
5.2.1
5.2.2
5.3.0
5.3.1
5.4.0
5.5.0
5.5.1
5.6.0
5.6.1
5.6.2
5.7.0
5.8.0
5.8.1

6.*

6.0.0
6.0.1
6.1.0
6.2.0
6.2.1