Описание
An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."
A flaw was found in sushy-tools & VirtualBMC, where changing the boot device configuration removes password protection from the managed libvirt XML domain.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 | python-sushy | Not affected | ||
| Red Hat OpenStack Platform 13.0 - ELS | python-virtualbmc | Fixed | RHSA-2022:8896 | 08.12.2022 |
| Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS | python-virtualbmc | Fixed | RHSA-2022:8896 | 08.12.2022 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."
OpenStack Sushy-Tools and VirtualBMC Improper Preservation of Permissions
EPSS
5.5 Medium
CVSS3