Lucene search

K
ubuntuUbuntuUSN-6073-4
HistoryMay 11, 2023 - 12:00 a.m.

os-brick vulnerability

2023-05-1100:00:00
ubuntu.com
20
ubuntu
os-brick
vulnerability
authentication
information leak
configuration changes
security advisory
openstack

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.3%

Releases

  • Ubuntu 23.04
  • Ubuntu 22.10
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS

Packages

  • python-os-brick - Library for managing local volume attaches

Details

Jan Wasilewski and Gorka Eguileor discovered that os-brick incorrectly
handled deleted volume attachments. An authenticated user or attacker could
possibly use this issue to gain access to sensitive information.

This update may require configuration changes to be completely effective,
please see the upstream advisory for more information:

<https://security.openstack.org/ossa/OSSA-2023-003.html&gt;

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.3%