What is CVE-2023-2088?

CVE-2023-2088 is a vulnerability in OpenStack that allows a remote, authenticated attacker to exploit an inconsistency between Cinder and Nova, resulting in a confidentiality impact.

How can the CVE-2023-2088 vulnerability be triggered?

The CVE-2023-2088 vulnerability can be triggered intentionally or by accident when a remote, authenticated attacker detaches one of their volumes from Cinder.

What is the severity of CVE-2023-2088?

The severity of CVE-2023-2088 is medium with a CVSS score of 6.5.

Which software and versions are affected by CVE-2023-2088?

The software affected by CVE-2023-2088 includes Redhat Openstack, python-glance-store (version 3.0.0-0ubuntu1.3 and 4.3.0-0ubuntu1.3), python-os-brick (version 5.2.2-0ubuntu1.2 and 6.2.0-0ubuntu2.3), nova (version 3:27.0.0-0ubuntu1.3 and 27.1.0), ironic (version 1:20.1.0-0ubuntu1.1 and 1:21.4.0-0ubuntu1.1), and cinder (version 22.1.0, 2:20.2.0-0ubuntu1.1, 2:22.0.0-0ubuntu1.3, and 2:13.0.3-1, 2:13.0.7-1+deb10u2, 2:17.0.1-1+deb11u1).

Are there any references or resources related to CVE-2023-2088?

Yes, you can find more information about CVE-2023-2088 on the following references and resources: [1] [2] [3].

Vulnerability/
CVE-2023-2088

medium

6.5

CWE

200 440

12/5/2023

2/8/2024

CVE-2023-2088: Infoleak

First published: Fri May 12 2023(Updated: )

A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.

Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
Redhat Openstack
debian/cinder	<=2:17.0.1-1+deb11u1	2:17.4.0-1~deb11u2 2:21.3.1-1~deb12u1 2:25.0.0~rc1-2
debian/nova	<=2:22.0.1-2+deb11u1<=2:22.4.0-1~deb11u5	2:26.2.2-1~deb12u3 2:30.0.0~rc1-1
debian/python-glance-store	<=2.3.0-4	4.1.0-4 4.8.1-2
debian/python-os-brick	<=4.0.1-2	6.1.0-3 6.9.0-2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-2088?
CVE-2023-2088 is a vulnerability in OpenStack that allows a remote, authenticated attacker to exploit an inconsistency between Cinder and Nova, resulting in a confidentiality impact.
How can the CVE-2023-2088 vulnerability be triggered?
The CVE-2023-2088 vulnerability can be triggered intentionally or by accident when a remote, authenticated attacker detaches one of their volumes from Cinder.
What is the severity of CVE-2023-2088?
The severity of CVE-2023-2088 is medium with a CVSS score of 6.5.
Which software and versions are affected by CVE-2023-2088?
The software affected by CVE-2023-2088 includes Redhat Openstack, python-glance-store (version 3.0.0-0ubuntu1.3 and 4.3.0-0ubuntu1.3), python-os-brick (version 5.2.2-0ubuntu1.2 and 6.2.0-0ubuntu2.3), nova (version 3:27.0.0-0ubuntu1.3 and 27.1.0), ironic (version 1:20.1.0-0ubuntu1.1 and 1:21.4.0-0ubuntu1.1), and cinder (version 22.1.0, 2:20.2.0-0ubuntu1.1, 2:22.0.0-0ubuntu1.3, and 2:13.0.3-1, 2:13.0.7-1+deb10u2, 2:17.0.1-1+deb11u1).
Are there any references or resources related to CVE-2023-2088?
Yes, you can find more information about CVE-2023-2088 on the following references and resources: [1] [2] [3].

collector/nvd-index
agent/type
collector/launchpad-cve
source/Launchpad
agent/first-publish-date
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/severity
agent/weakness
agent/author
agent/description
agent/references
collector/nvd-api
agent/software-canonical-lookup-request
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
agent/event
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/usn-cve
source/Ubuntu
vendor/redhat
canonical/redhat openstack
package-manager/debian