First published: Wed May 10 2023
A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Redhat Openstack | | |
ubuntu/cinder | <2:20.2.0-0ubuntu1.1 | 2:20.2.0-0ubuntu1.1 |
ubuntu/cinder | <2:22.0.0-0ubuntu1.3 | 2:22.0.0-0ubuntu1.3 |
ubuntu/cinder | <22.1.0 | 22.1.0 |
ubuntu/ironic | <1:20.1.0-0ubuntu1.1 | 1:20.1.0-0ubuntu1.1 |
ubuntu/ironic | <1:21.4.0-0ubuntu1.1 | 1:21.4.0-0ubuntu1.1 |
ubuntu/nova | <3:25.1.1-0ubuntu1.1 | 3:25.1.1-0ubuntu1.1 |
ubuntu/nova | <3:27.0.0-0ubuntu1.3 | 3:27.0.0-0ubuntu1.3 |
ubuntu/nova | <27.1.0 | 27.1.0 |
ubuntu/python-glance-store | <3.0.0-0ubuntu1.3 | 3.0.0-0ubuntu1.3 |
ubuntu/python-glance-store | <4.3.0-0ubuntu1.3 | 4.3.0-0ubuntu1.3 |
ubuntu/python-os-brick | <5.2.2-0ubuntu1.2 | 5.2.2-0ubuntu1.2 |
ubuntu/python-os-brick | <6.2.0-0ubuntu2.3 | 6.2.0-0ubuntu2.3 |
debian/cinder | <=2:13.0.3-1, <=2:13.0.7-1+deb10u2, <=2:17.0.1-1+deb11u1 | 2:21.1.0-3, 2:24.0.0-1 |
debian/nova | <=2:18.1.0-6, <=2:18.1.0-6+deb10u2, <=2:22.0.1-2+deb11u1 | 2:26.1.0-4, 2:29.0.1-3 |
debian/python-glance-store | <=0.26.1-4, <=2.3.0-4 | 4.1.0-4, 4.7.0-4 |
debian/python-os-brick | <=2.5.5-1, <=4.0.1-2 | 6.1.0-3, 6.7.0-2 |
CVE-2023-2088 is a vulnerability in OpenStack that allows a remote, authenticated attacker to exploit an inconsistency between Cinder and Nova, resulting in a confidentiality impact.
The CVE-2023-2088 vulnerability can be triggered intentionally or by accident when a remote, authenticated attacker detaches one of their volumes from Cinder.
The severity of CVE-2023-2088 is medium with a CVSS score of 6.5.
The software affected by CVE-2023-2088 includes Redhat Openstack, python-glance-store (version 3.0.0-0ubuntu1.3 and 4.3.0-0ubuntu1.3), python-os-brick (version 5.2.2-0ubuntu1.2 and 6.2.0-0ubuntu2.3), nova (version 3:27.0.0-0ubuntu1.3 and 27.1.0), ironic (version 1:20.1.0-0ubuntu1.1 and 1:21.4.0-0ubuntu1.1), and cinder (version 22.1.0, 2:20.2.0-0ubuntu1.1, 2:22.0.0-0ubuntu1.3, and 2:13.0.3-1, 2:13.0.7-1+deb10u2, 2:17.0.1-1+deb11u1).