First published: Mon Jul 24 2023(Updated: )
Jan Wasilewski and Gorka Eguileor discovered that OpenStack incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information. This update may require configuration changes, please see the upstream advisory and the other links below for more information: https://security.openstack.org/ossa/OSSA-2023-003.html https://discourse.ubuntu.com/t/cve-2023-2088-for-charmed-openstack/37051 https://lists.openstack.org/pipermail/openstack-discuss/2023-July/034439.html
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/python3-glance-store | <4.3.0-0ubuntu1.3 | 4.3.0-0ubuntu1.3 |
=23.04 | ||
All of | ||
ubuntu/python3-cinder | <2:22.0.0-0ubuntu1.3 | 2:22.0.0-0ubuntu1.3 |
=23.04 | ||
All of | ||
ubuntu/python3-ironic | <1:21.4.0-0ubuntu1.1 | 1:21.4.0-0ubuntu1.1 |
=23.04 | ||
All of | ||
ubuntu/python3-os-brick | <6.2.0-0ubuntu2.3 | 6.2.0-0ubuntu2.3 |
=23.04 | ||
All of | ||
ubuntu/python3-nova | <3:27.0.0-0ubuntu1.3 | 3:27.0.0-0ubuntu1.3 |
=23.04 | ||
All of | ||
ubuntu/python3-glance-store | <3.0.0-0ubuntu1.3 | 3.0.0-0ubuntu1.3 |
=22.04 | ||
All of | ||
ubuntu/python3-cinder | <2:20.2.0-0ubuntu1.1 | 2:20.2.0-0ubuntu1.1 |
=22.04 | ||
All of | ||
ubuntu/python3-ironic | <1:20.1.0-0ubuntu1.1 | 1:20.1.0-0ubuntu1.1 |
=22.04 | ||
All of | ||
ubuntu/python3-os-brick | <5.2.2-0ubuntu1.2 | 5.2.2-0ubuntu1.2 |
=22.04 | ||
All of | ||
ubuntu/python3-nova | <3:25.1.1-0ubuntu1.1 | 3:25.1.1-0ubuntu1.1 |
=22.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is USN-6241-1.
The severity of USN-6241-1 is not specified in the information provided.
USN-6241-1 impacts OpenStack by incorrectly handling deleted volume attachments, which can allow an authenticated user or attacker to gain access to sensitive information.
The software versions affected by USN-6241-1 are: python3-glance-store 4.3.0-0ubuntu1.3, python3-cinder 2:22.0.0-0ubuntu1.3, python3-ironic 1:21.4.0-0ubuntu1.1, python3-os-brick 6.2.0-0ubuntu2.3, python3-nova 3:27.0.0-0ubuntu1.3, python3-glance-store 3.0.0-0ubuntu1.3, python3-cinder 2:20.2.0-0ubuntu1.1, python3-ironic 1:20.1.0-0ubuntu1.1, python3-os-brick 5.2.2-0ubuntu1.2, python3-nova 3:25.1.1-0ubuntu1.1.
To fix the USN-6241-1 vulnerability, please refer to the upstream advisory and apply the necessary configuration changes as mentioned.