CVE-2020-9543
First published: Thu Mar 12 2020(Updated: )
OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenStack Manila | <7.4.1 | |
| OpenStack Manila | >=8.0.0<8.1.1 | |
| OpenStack Manila | >=9.0.0<9.1.1 | |
| pip/manila | >=9.0.0<9.1.1 | 9.1.1 |
| pip/manila | >=8.0.0<8.1.1 | 8.1.1 |
| pip/manila | <7.4.1 | 7.4.1 |
| <7.4.1 | ||
| >=8.0.0<8.1.1 | ||
| >=9.0.0<9.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2020/03/12/1
- https://bugs.launchpad.net/manila/+bug/1861485
- https://security.openstack.org/ossa/OSSA-2020-002.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-9543
- https://github.com/openstack/manila/commit/947315f0903c823b0fdd9d99c60078814587272c
- https://opendev.org/openstack/manila/commit/947315f0903c823b0fdd9d99c60078814587272c
- https://github.com/advisories/GHSA-jx7v-gmqc-6xrj (Advisory)
- https://github.com/pypa/advisory-database/tree/main/vulns/manila/PYSEC-2020-63.yaml
Frequently Asked Questions
What is the vulnerability ID for OpenStack Manila?
The vulnerability ID for OpenStack Manila is CVE-2020-9543.
What are the affected software versions for this vulnerability?
The affected software versions for this vulnerability are OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1.
What is the severity level of CVE-2020-9543?
The severity level of CVE-2020-9543 is high.
How can attackers exploit this vulnerability?
Attackers can exploit this vulnerability to view, update, delete, or share resources that do not belong to them, as well as create resources.
Where can I find more information about CVE-2020-9543?
You can find more information about CVE-2020-9543 at the following references: http://www.openwall.com/lists/oss-security/2020/03/12/1, https://bugs.launchpad.net/manila/+bug/1861485, and https://security.openstack.org/ossa/OSSA-2020-002.html.
- collector/nvd-index
- agent/type
- agent/remedy
- agent/severity
- agent/weakness
- agent/description
- agent/author
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/first-publish-date
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-jx7v-gmqc-6xrj
- alias/CVE-2020-9543
- agent/references
- agent/last-modified-date
- collector/github-advisory
- agent/trending
- agent/tags
- agent/source
- vendor/openstack
- canonical/openstack manila
- version/openstack manila/8.0.0
- version/openstack manila/9.0.0
- package-manager/pip