Описание
An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.21.1 (исключая)Версия до 3.0.0 (исключая)
Одно из
cpe:2.3:a:opendev:sushy-tools:*:*:*:*:*:openstack:*:*
cpe:2.3:a:opendev:virtualbmc:*:*:*:*:*:openstack:*:*
Конфигурация 2
Одно из
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
EPSS
Процентиль: 27%
0.00094
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-281
CWE-281
Связанные уязвимости
CVSS3: 5.5
redhat
больше 3 лет назад
An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."
CVSS3: 5.5
github
больше 3 лет назад
OpenStack Sushy-Tools and VirtualBMC Improper Preservation of Permissions
EPSS
Процентиль: 27%
0.00094
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-281
CWE-281