openstack-cinder: silently access other user's volumes

A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality...

Critical: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 security update

An update for openstack-nova is now available for Red Hat OpenStack Platform 16.1 Train. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

USN-6073-5 nova regression

USN-6073-3 fixed a vulnerability in Nova. The update introduced a regression causing Nova to be unable to detach volumes from instances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jan Wasilewski and Gorka Eguileor discovered that Nova incorrectly...

USN-6073-5: Nova regression

USN-6073-3 fixed a vulnerability in Nova. The update introduced a regression causing Nova to be unable to detach volumes from instances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jan Wasilewski and Gorka Eguileor discovered that Nova incorrectly...

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : Glance_store vulnerability (USN-6073-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has a package installed that is affected by a vulnerability as referenced in the USN-6073-2 advisory. Jan Wasilewski and Gorka Eguileor discovered that Glancestore incorrectly handled deleted volume attachments. An authenticated user or attacke...

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : os-brick vulnerability (USN-6073-4)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6073-4 advisory. Jan Wasilewski and Gorka Eguileor discovered that os-brick incorrectly handled deleted volume attachments. An authenticated user or attacker...

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : Cinder vulnerability (USN-6073-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6073-1 advisory. Jan Wasilewski and Gorka Eguileor discovered that Cinder incorrectly handled deleted volume attachments. An authenticated user or attacker cou...

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : Nova vulnerability (USN-6073-3)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6073-3 advisory. Jan Wasilewski and Gorka Eguileor discovered that Nova incorrectly handled deleted volume attachments. An authenticated user or attacker could...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Ceph vulnerabilities (USN-6063-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6063-1 advisory. Mark Kirkwood discovered that Ceph incorrectly handled certain key lengths. An attacker could possibly use this issue to create...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : OpenStack Neutron vulnerabilities (USN-6067-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6067-1 advisory. David Sinquin discovered that OpenStack Neutron incorrectly handled the default Open vSwitch firewall rules. An attacker could...

Ubuntu 18.04 LTS / 20.04 LTS : OpenStack Heat vulnerability (USN-6066-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6066-1 advisory. It was discovered that OpenStack Heat incorrectly handled certain hidden parameter values. A remote authenticated user could possibly use this issue t...

CVE-2023-2088

A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality...

CVE-2023-2088

A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality...

DEBIAN-CVE-2023-2088

A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality...

Design/Logic Flaw

A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality...

CVE-2023-2088

A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality...

CVE-2023-2088

A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality...

CVE-2023-2088

CVE-2023-2088 affects OpenStack components (Cinder/Nova) due to an inconsistency between Cinder and Nova. A remote, authenticated attacker can detach a volume from Cinder, with the highest impact on confidentiality. Public details in connected docs confirm a vulnerability arising from OpenStack s...

CVE-2023-2088

A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality...

USN-6073-4: os-brick vulnerability

Jan Wasilewski and Gorka Eguileor discovered that os-brick incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information. This update may require configuration changes to be completely effective, please see...