Lucene search

K
redhatcveRedhat.comRH:CVE-2023-2088
HistoryMay 10, 2023 - 2:52 p.m.

CVE-2023-2088

2023-05-1014:52:00
redhat.com
access.redhat.com
16
openstack
cinder
nova
flaw
vulnerability
remote attacker
confidentiality
red hat
mitigation

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

37.3%

A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.

Mitigation

Red Hat OpenStack Platform 13: <https://access.redhat.com/solutions/7012184&gt;
Red Hat OpenStack Platform 16 and newer: <https://access.redhat.com/solutions/7012327&gt;

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

37.3%