73 matches found
The vulnerability of the software for general access to openstack-manila files, related to errors in using standard permissions, allows a perpetrator to gain unauthorized access to common files.
The vulnerability of the openstack-manila software for general access to files is related to errors in the use of standard permissions. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to common files, provided that the value of the UUID...
openstack-manila: User with share-network UUID is able to show, create and delete shares
An access flaw was found in openstack-manila, where the API did not validate the user/project on commands. A malicious user having the UUID of a share-network could view, update, delete, or share resources that did not belong to them. Attackers could also create resources on shared networks for...
Moderate: Red Hat Security Advisory: openstack-manila security update
An update for openstack-manila is now available for Red Hat OpenStack Platform 16 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RHEL 8 : openstack-manila (RHSA-2020:2165)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2165 advisory. OpenStack Shared Filesystem Service Manila provides services to manage network filesystems for use by Virtual Machine instances. Security Fixes: User...
SUSE-SU-2020:1066-1 Security update for ardana-ansible, ardana-barbican, ardana-db, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud, memcached, openstack-manila, openstack-neutron, openstack-nova, pdns, python-amqp, rubygem-puma, zookeeper
This update for ardana-ansible, ardana-barbican, ardana-db, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud, memcached, openstack-manila, openstack-neutron, openstack-nova, pdns, python-amqp...
RHEL 8 : openstack-manila (RHSA-2020:1326)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1326 advisory. OpenStack Shared Filesystem Service Manila provides services to manage network filesystems for use by Virtual Machine instances. Security Fixes: User...
openstack-manila: User with share-network UUID is able to show, create and delete shares
An access flaw was found in openstack-manila, where the API did not validate the user/project on commands. A malicious user having the UUID of a share-network could view, update, delete, or share resources that did not belong to them. Attackers could also create resources on shared networks for...
OpenStack Manila Override Vulnerability
OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration NASA and Rackspace, Inc. in the United States. A security vulnerability exists in OpenStack Manila versions prior to 7.4.1, 8.0.0 through 8.1.1, and 9.0.0 through 9.1.1. An attacker cou...
CVE-2020-9543
OpenStack Manila =8.0.0 =9.0.0 9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks...
CVE-2020-9543
OpenStack Manila =8.0.0 =9.0.0 9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks...
DEBIAN-CVE-2020-9543
OpenStack Manila =8.0.0 =9.0.0 9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks...
Code injection
OpenStack Manila =8.0.0 =9.0.0 9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks...
PYSEC-2020-63
OpenStack Manila =8.0.0 =9.0.0 9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks...
PYSEC-2020-63
OpenStack Manila =8.0.0 =9.0.0 9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks...
CVE-2020-9543
OpenStack Manila =8.0.0 =9.0.0 9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks...
CVE-2020-9543
OpenStack Manila =8.0.0 =9.0.0 9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks...
CVE-2020-9543
CVE-2020-9543 affects OpenStack Manila (versions listed in the OpenStack Manila advisories). The issue arises from a context-free lookup of a UUID, allowing unprivileged attackers to view, update, delete, or share resources that do not belong to them, and potentially create resources such as shar...
SUSE-SU-2020:0660-1 Security update for openstack-manila
This update for openstack-manila fixes the following issues: - CVE-2020-9543: Fixed an issue where other project users to view, update, delete, or share resources that do not belong to them, due to a context-free lookup of a UUID bsc1165643...
SUSE-SU-2020:0659-1 Security update for openstack-manila
This update for openstack-manila fixes the following issues: - CVE-2020-9543: Fixed an issue where other project users to view, update, delete, or share resources that do not belong to them, due to a context-free lookup of a UUID bsc1165643...
CVE-2020-9543
An access flaw was found in openstack-manila, where the API did not validate the user/project on commands. A malicious user having the UUID of a share-network could view, update, delete, or share resources that did not belong to them. Attackers could also create resources on shared networks for...