Key Information Vulnerability Description CVE Number: CVE-2023-6110 Public Disclosure Date: January 24, 2024 Last Updated Date: November 22, 2024 Impact Level: Medium CVSS v3 Score: 5.5 Affected Scope Affected Packages and Red Hat Security Patches: - Red Hat OpenStack Platform 17.1 for RHEL 8 - Red Hat OpenStack Platform 17.1 for RHEL 9 - Red Hat OpenStack Platform 16.1 - Red Hat OpenStack Platform 16.2 - Red Hat OpenStack Platform 17.0 - Red Hat OpenStack Platform 18.0 CVSS v3 Analysis CVSS v3 Base Score: 5.5 Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: Required Scope: Unchanged Confidentiality Impact: Low Integrity Impact: Low Availability Impact: Low Frequently Asked Questions Why does Red Hat’s CVSS v3 score or impact level differ from other vendors? My product is listed as “under investigation” or “affected.” When will Red Hat release a fix? If my product is listed as “will not be fixed,” what should I do? If my product is listed as “fix deferred,” what should I do? What are mitigations? I have a Red Hat product, but it’s not listed above. Is it affected? Why does my security scanner report this vulnerability on my product, even though my product version is patched or unaffected? My product is listed as “out of support.” What does this mean? External References CVE-2023-6110 NVD Red Hat Code Engineering OpenStack Review Last Updated Date November 22, 2024, 8:50:31 PM UTC Copyright CVE description copyright © 2021