Описание
A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| cinder | fixed | 2:21.1.0-3 | package | |
| cinder | no-dsa | buster | package | |
| python-glance-store | fixed | 4.1.0-4 | package | |
| python-glance-store | no-dsa | bullseye | package | |
| python-glance-store | no-dsa | buster | package | |
| nova | fixed | 2:26.1.0-4 | package | |
| nova | no-dsa | bullseye | package | |
| nova | no-dsa | buster | package | |
| python-os-brick | fixed | 4.1.0-3 | package | |
| python-os-brick | no-dsa | bullseye | package | |
| python-os-brick | no-dsa | buster | package |
Примечания
https://www.openwall.com/lists/oss-security/2023/05/10/5
https://bugs.launchpad.net/nova/+bug/2004555
Связанные уязвимости
A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.
A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.
A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.
A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.
Уязвимость платформы облачных сервисов Openstack, связанная с отсутствием защиты служебных данных, позволяющая нарушителю раскрыть защищаемую информацию