CVE-2023-6110: 
Python vulnerability analysis and mitigation

CVE-2023-6110 is a security vulnerability discovered in OpenStack affecting the python-openstackclient component. The vulnerability was disclosed on November 17, 2024, and is related to access rule deletion functionality. When a user attempts to delete a non-existing access rule within their scope, the system incorrectly deletes other existing access rules that are not associated with any application credentials (NVD, Red Hat CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Moderate) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L. The flaw is classified as CWE-237 (Improper Handling of Structural Elements) and affects the access rule management functionality in OpenStack. The vulnerability requires network access and low privileges to exploit, with user interaction required (Red Hat CVE).

The vulnerability can lead to unintended deletion of access rules in OpenStack environments. When exploited, it affects the integrity of access rule configurations by accidentally removing valid access rules that are not associated with application credentials, potentially disrupting authorized access patterns (Red Hat CVE).

Red Hat has released security updates to address this vulnerability in OpenStack Platform 17.1 for both RHEL 8 and RHEL 9 environments through security advisories RHSA-2024:2769 and RHSA-2024:2737. Users are advised to update to the fixed versions of python-openstackclient (Red Hat Advisory 2737, Red Hat Advisory 2769).