- Vulnerability/
- USN-6073-1
USN-6073-1: Cinder vulnerability
First published: Thu May 11 2023(Updated: )
Jan Wasilewski and Gorka Eguileor discovered that Cinder incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information. This update may require configuration changes to be completely effective, please see the upstream advisory for more information: https://security.openstack.org/ossa/OSSA-2023-003.html
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/python3-cinder | <2:22.0.0-0ubuntu1.1 | 2:22.0.0-0ubuntu1.1 |
| Ubuntu Ubuntu | =23.04 | |
| All of | ||
| ubuntu/python3-cinder | <2:21.1.0-0ubuntu2.1 | 2:21.1.0-0ubuntu2.1 |
| Ubuntu Ubuntu | =22.10 | |
| All of | ||
| ubuntu/python3-cinder | <2:20.1.0-0ubuntu2.1 | 2:20.1.0-0ubuntu2.1 |
| Ubuntu Ubuntu | =22.04 | |
| All of | ||
| ubuntu/python3-cinder | <2:16.4.2-0ubuntu2.3 | 2:16.4.2-0ubuntu2.3 |
| Ubuntu Ubuntu | =20.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2023-2088
- https://ubuntu.com/security/notices/USN-6073-2
- https://ubuntu.com/security/notices/USN-6073-3
- https://ubuntu.com/security/notices/USN-6073-4
- https://ubuntu.com/security/notices/USN-6241-1
- https://launchpad.net/ubuntu/+source/cinder/2:22.0.0-0ubuntu1.1
- https://launchpad.net/ubuntu/+source/cinder/2:21.1.0-0ubuntu2.1
- https://launchpad.net/ubuntu/+source/cinder/2:20.1.0-0ubuntu2.1
- https://launchpad.net/ubuntu/+source/cinder/2:16.4.2-0ubuntu2.3
- https://ubuntu.com/security/notices/USN-6073-1 (Advisory)
Frequently Asked Questions
What is the vulnerability ID for this security notice?
The vulnerability ID for this security notice is USN-6073-1.
Who discovered the vulnerability?
Jan Wasilewski and Gorka Eguileor discovered the vulnerability.
What is the impact of this vulnerability?
An authenticated user or attacker could gain access to sensitive information.
How can I fix this vulnerability?
To fix this vulnerability, update the python3-cinder package to version 2:22.0.0-0ubuntu1.1 or later.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability on the Ubuntu security website.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- anchor-related/USN-6073-2
- anchor-related/USN-6073-3
- anchor-related/USN-6073-4
- anchor-related/USN-6241-1
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/23.04
- version/ubuntu ubuntu/22.10
- version/ubuntu ubuntu/22.04
- version/ubuntu ubuntu/20.04