GitHub Advisory DatabaseGHSA-JX7V-GMQC-6XRJOpenStack Manila Unprivileged users can retrieve, use and manipulate share networks
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
AI Score
Confidence
Low
EPSS
Percentile
53.5%
OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks.
Affected configurations
References
www.openwall.com/lists/oss-security/2020/03/12/1
bugs.launchpad.net/manila/+bug/1861485
github.com/advisories/GHSA-jx7v-gmqc-6xrj
github.com/openstack/manila/commit/947315f0903c823b0fdd9d99c60078814587272c
nvd.nist.gov/vuln/detail/CVE-2020-9543
opendev.org/openstack/manila/commit/947315f0903c823b0fdd9d99c60078814587272c
security.openstack.org/ossa/OSSA-2020-002.html
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
AI Score
Confidence
Low
EPSS
Percentile
53.5%