CVE-2022-3277
MEDIUMopenstack-neutron < 18.6.0 and >=19.0.0.0rc1 <19.5.0 - Authenticated Denial of Service via Security Group Query
Title source: llmDescription
An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.
References (2)
Core 2
Core References
Issue Tracking, Patch
https://bugs.launchpad.net/neutron/+bug/1988026
Issue Tracking, Patch, Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2129193
Scores
CVSS v3
6.5
EPSS
0.0040
EPSS Percentile
61.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-400
Status
published
Products (5)
openstack/neutron
< 18.6.0
pypi/neutron
19.0.0.0rc1 - 19.5.0PyPI
redhat/openstack_platform
13.0
redhat/openstack_platform
16.1
redhat/openstack_platform
16.2
Published
Mar 06, 2023
Tracked Since
Feb 18, 2026