CVE-2023-2088

Source: ubuntu.com (ubuntucve), UB:CVE-2023-2088
Published: May 10, 2023

CVSS3: 6.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.001 Low (Percentile: 37.3%)

A flaw was found in OpenStack due to an inconsistency between Cinder and
Nova. This issue can be triggered intentionally or by accident. A remote,
authenticated attacker could exploit this vulnerability by detaching one of
their volumes from Cinder. The highest impact is to confidentiality.

Notes

mdeslaur: The fix for this CVE was reverted in USN-6073-6 to USN-6073-9 as it was causing problems detaching volumes. These updates may require configuration changes, see:
https://discourse.ubuntu.com/t/cve-2023-2088-for-charmed-openstack/37051
https://lists.openstack.org/pipermail/openstack-discuss/2023-July/034439.html
Due to the extensive changes required to fix this issue, we will not be releasing updates for Focal and earlier.
| OS | OS Version | Architecture | Package | Affected Package Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 22.04 | noarch | cinder | < 2:20.2.0-0ubuntu1.1 | UNKNOWN |
| ubuntu | 23.04 | noarch | cinder | < 2:22.0.0-0ubuntu1.3 | UNKNOWN |
| ubuntu | 22.04 | noarch | ironic | < 1:20.1.0-0ubuntu1.1 | UNKNOWN |
| ubuntu | 23.04 | noarch | ironic | < 1:21.4.0-0ubuntu1.1 | UNKNOWN |
| ubuntu | 22.04 | noarch | nova | < 3:25.1.1-0ubuntu1.1 | UNKNOWN |
| ubuntu | 23.04 | noarch | nova | < 3:27.0.0-0ubuntu1.3 | UNKNOWN |
| ubuntu | 22.04 | noarch | python-glance-store | < 3.0.0-0ubuntu1.3 | UNKNOWN |
| ubuntu | 23.04 | noarch | python-glance-store | < 4.3.0-0ubuntu1.3 | UNKNOWN |
| ubuntu | 22.04 | noarch | python-os-brick | < 5.2.2-0ubuntu1.2 | UNKNOWN |
| ubuntu | 23.04 | noarch | python-os-brick | < 6.2.0-0ubuntu2.3 | UNKNOWN |
