CVE-2022-3277

MEDIUM

Openstack-Neutron - DoS

Title source: llm

Description

An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.

References (2)

[Issue Tracking, Patch] https://bugs.launchpad.net/neutron/+bug/1988026

[Issue Tracking, Patch, Vendor Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=2129193

Scores

CVSS v3 6.5

EPSS 0.0047

EPSS Percentile 64.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-400

Status published

Affected Products (5)

openstack/neutron < 18.6.0

redhat/openstack_platform

pypi/neutron < 19.5.0PyPI

Timeline

Published Mar 06, 2023

Tracked Since Feb 18, 2026