VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-2u2t-7m4q-fygj

Essentials
Severities (25)
References (20)
Severity details (24)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-2u2t-7m4q-fygj
Aliases	CVE-2022-3277 GHSA-w446-h7vg-wv3p
Summary	openstack-neutron uncontrolled resource consumption flaw An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-400	Uncontrolled Resource Consumption
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	4.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3277.json
epss	0.00402	https://api.first.org/data/v1/epss?cve=CVE-2022-3277
cvssv3.1	6.5	https://bugs.launchpad.net/neutron/+bug/1988026
generic_textual	MODERATE	https://bugs.launchpad.net/neutron/+bug/1988026
ssvc	Track	https://bugs.launchpad.net/neutron/+bug/1988026
cvssv3.1	6.5	https://bugzilla.redhat.com/show_bug.cgi?id=2129193
generic_textual	MODERATE	https://bugzilla.redhat.com/show_bug.cgi?id=2129193
ssvc	Track	https://bugzilla.redhat.com/show_bug.cgi?id=2129193
cvssv3.1	4.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	6.5	https://github.com/openstack/neutron
generic_textual	MODERATE	https://github.com/openstack/neutron
cvssv3.1	6.5	https://github.com/openstack/neutron/commit/01fc2b9195f999df4d810df4ee63f77ecbc81f7e
generic_textual	MODERATE	https://github.com/openstack/neutron/commit/01fc2b9195f999df4d810df4ee63f77ecbc81f7e
cvssv3.1	6.5	https://github.com/openstack/neutron/commit/717e3e09556f1fb9a7a420863746fa785eb6c316
generic_textual	MODERATE	https://github.com/openstack/neutron/commit/717e3e09556f1fb9a7a420863746fa785eb6c316
cvssv3.1	6.5	https://github.com/openstack/neutron/commit/733ef4f2d8c2a3734c360d1c1dd3a6fcd600cb8c
generic_textual	MODERATE	https://github.com/openstack/neutron/commit/733ef4f2d8c2a3734c360d1c1dd3a6fcd600cb8c
cvssv3.1	6.5	https://github.com/openstack/neutron/commit/cbeee87fa44cd200d4997e02042098460167dce1
generic_textual	MODERATE	https://github.com/openstack/neutron/commit/cbeee87fa44cd200d4997e02042098460167dce1
cvssv3.1	6.5	https://github.com/openstack/neutron/commit/d0e1b54fb1de932b2b30ab4269cf5789632df476
generic_textual	MODERATE	https://github.com/openstack/neutron/commit/d0e1b54fb1de932b2b30ab4269cf5789632df476
cvssv3.1	6.5	https://github.com/openstack/neutron/commit/fd7fb0e9d8c602380f54975367d935ab69e10c05
generic_textual	MODERATE	https://github.com/openstack/neutron/commit/fd7fb0e9d8c602380f54975367d935ab69e10c05
cvssv3.1	6.5	https://nvd.nist.gov/vuln/detail/CVE-2022-3277
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2022-3277

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3277.json
		https://api.first.org/data/v1/epss?cve=CVE-2022-3277
		https://bugs.launchpad.net/neutron/+bug/1988026
		https://bugzilla.redhat.com/show_bug.cgi?id=2129193
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3277
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/openstack/neutron
		https://github.com/openstack/neutron/commit/01fc2b9195f999df4d810df4ee63f77ecbc81f7e
		https://github.com/openstack/neutron/commit/717e3e09556f1fb9a7a420863746fa785eb6c316
		https://github.com/openstack/neutron/commit/733ef4f2d8c2a3734c360d1c1dd3a6fcd600cb8c
		https://github.com/openstack/neutron/commit/cbeee87fa44cd200d4997e02042098460167dce1
		https://github.com/openstack/neutron/commit/d0e1b54fb1de932b2b30ab4269cf5789632df476
		https://github.com/openstack/neutron/commit/fd7fb0e9d8c602380f54975367d935ab69e10c05
		https://nvd.nist.gov/vuln/detail/CVE-2022-3277
1027150		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027150
GHSA-w446-h7vg-wv3p		https://github.com/advisories/GHSA-w446-h7vg-wv3p
RHSA-2022:8855		https://access.redhat.com/errata/RHSA-2022:8855
RHSA-2022:8870		https://access.redhat.com/errata/RHSA-2022:8870
RHSA-2023:0275		https://access.redhat.com/errata/RHSA-2023:0275
USN-6067-1		https://usn.ubuntu.com/6067-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3277.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://bugs.launchpad.net/neutron/+bug/1988026

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-07T15:54:44Z/ Found at https://bugs.launchpad.net/neutron/+bug/1988026

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2129193

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-07T15:54:44Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2129193

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/openstack/neutron

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/openstack/neutron/commit/01fc2b9195f999df4d810df4ee63f77ecbc81f7e

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/openstack/neutron/commit/717e3e09556f1fb9a7a420863746fa785eb6c316

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/openstack/neutron/commit/733ef4f2d8c2a3734c360d1c1dd3a6fcd600cb8c

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/openstack/neutron/commit/cbeee87fa44cd200d4997e02042098460167dce1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/openstack/neutron/commit/d0e1b54fb1de932b2b30ab4269cf5789632df476

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/openstack/neutron/commit/fd7fb0e9d8c602380f54975367d935ab69e10c05

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-3277

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.61095
EPSS Score	0.00402
Published At	May 29, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-29T09:07:26.830266+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-w446-h7vg-wv3p/GHSA-w446-h7vg-wv3p.json	38.6.0