Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2022-3277

An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.

Related bugs and status

CVE-2022-3277 (Candidate) is related to these bugs:

Bug #1988026: Neutron should not create security group with project==None

Summary				In	Importance	Status
	1988026	Neutron should not create security group with project==None		neutron	Critical	Fix Released
	1988026	Neutron should not create security group with project==None		OpenStack Security Advisory	Undecided	New

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugs.launchpad...
MISC: https://bugzilla.redha...