Описание
OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| manila | fixed | 1:9.0.0-5 | package | |
| manila | fixed | 1:7.0.0-1+deb10u1 | buster | package |
| manila | no-dsa | stretch | package |
Примечания
https://bugs.launchpad.net/manila/+bug/1861485
https://security.openstack.org/ossa/OSSA-2020-002.html
Связанные уязвимости
OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks.
OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks.
OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks.
OpenStack Manila Unprivileged users can retrieve, use and manipulate share networks
Уязвимость программного средства для общего доступа к файлам openstack-manila, связанная с ошибками использования стандартных разрешений, позволяющая нарушителю получить несанкционированный доступ к общим файлам