Description
OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks.
An access flaw was found in openstack-manila, where the API did not validate the user/project on commands. A malicious user having the UUID of a share-network could view, update, delete, or share resources that did not belong to them. Attackers could also create resources on shared networks (for example, shared file systems or groups of shares).
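The "context-free lookup of a UUID" described above, shown beside a project-scoped lookup. This is an added illustration, not Manila's code or its fix; `RequestContext`, the in-memory `SHARE_NETWORKS` store, the sample UUIDs and all function names are hypothetical.

```python
from dataclasses import dataclass


class NotFound(Exception):
    """Record is missing or not visible to the caller."""


@dataclass(frozen=True)
class RequestContext:  # hypothetical stand-in for the API request context
    project_id: str


# Constructed sample data: share networks keyed by UUID, each owned by one project.
A_UUID = "11111111-1111-4111-8111-111111111111"
B_UUID = "22222222-2222-4222-8222-222222222222"
SHARE_NETWORKS = {
    A_UUID: {"project_id": "project-a", "name": "a-net"},
    B_UUID: {"project_id": "project-b", "name": "b-net"},
}


def get_share_network_context_free(context, uuid):
    """Flawed pattern: the caller's context is ignored, the UUID alone decides."""
    record = SHARE_NETWORKS.get(uuid)
    if record is None:
        raise NotFound(uuid)
    return record


def get_share_network_scoped(context, uuid):
    """Scoped pattern: the record must belong to the caller's project."""
    record = SHARE_NETWORKS.get(uuid)
    # Same error for "missing" and "owned by another project", so the
    # response does not confirm that a foreign UUID exists.
    if record is None or record["project_id"] != context.project_id:
        raise NotFound(uuid)
    return record


def can_create_share_on(context, uuid, lookup):
    """Dependent operation (creating a share on a share network) gated by the lookup."""
    try:
        lookup(context, uuid)
    except NotFound:
        return False
    return True
```

Every operation that resolves the share network through the scoped lookup inherits the ownership check, which is why the dependent create operation is refused as well.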
Mitigation
There is no known mitigation for this issue; the flaw can only be resolved by applying updates.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat OpenStack Platform 10 (Newton) | openstack-manila | Will not fix | | |
| Red Hat OpenStack Platform 13.0 (Queens) | openstack-manila | Fixed | RHSA-2020:2729 | 24.06.2020 |
| Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS | openstack-manila | Fixed | RHSA-2020:2729 | 24.06.2020 |
| Red Hat OpenStack Platform 15.0 (Stein) | openstack-manila | Fixed | RHSA-2020:1326 | 06.04.2020 |
| Red Hat OpenStack Platform 16.0 (Train) | openstack-manila | Fixed | RHSA-2020:2165 | 14.05.2020 |
Additional information
8.3 High
CVSS3
Related vulnerabilities
OpenStack Manila Unprivileged users can retrieve, use and manipulate share networks
Vulnerability in the openstack-manila file-sharing software caused by incorrect default permissions, allowing an attacker to gain unauthorized access to shared files