GitHub Advisory DatabaseGHSA-JX7V-GMQC-6XRJOpenStack Manila Unprivileged users can retrieve, use and manipulate share networks
8.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
6.6 Medium
AI Score
Confidence
Low
6.5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
53.5%
OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks.
Affected configurations
References
www.openwall.com/lists/oss-security/2020/03/12/1
bugs.launchpad.net/manila/+bug/1861485
github.com/advisories/GHSA-jx7v-gmqc-6xrj
github.com/openstack/manila/commit/947315f0903c823b0fdd9d99c60078814587272c
nvd.nist.gov/vuln/detail/CVE-2020-9543
opendev.org/openstack/manila/commit/947315f0903c823b0fdd9d99c60078814587272c
security.openstack.org/ossa/OSSA-2020-002.html
Related
8.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
6.6 Medium
AI Score
Confidence
Low
6.5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
53.5%