CVE-2023-2088

2023-05-1000:00:00

ubuntu.com

openstack

cinder

nova

cve-2023-2088

vulnerability

confidentiality

remote attacker

volume detachment

regression

updates.

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

37.3%

JSON

A flaw was found in OpenStack due to an inconsistency between Cinder and
Nova. This issue can be triggered intentionally or by accident. A remote,
authenticated attacker could exploit this vulnerability by detaching one of
their volumes from Cinder. The highest impact is to confidentiality.

Bugs

<https://launchpad.net/bugs/2004555>
<https://bugs.launchpad.net/ubuntu/+source/nova/+bug/2020111 (regession)>
<https://bugs.launchpad.net/ironic/+bug/2019892 (regression)>

Notes

Author	Note
mdeslaur	The fix for this CVE was reverted in USN-6073-6 to USN-6073-9 as it was causing problems detaching volumes. These updates may require configuration changes, see: https://discourse.ubuntu.com/t/cve-2023-2088-for-charmed-openstack/37051 https://lists.openstack.org/pipermail/openstack-discuss/2023-July/034439.html Due to the extensive changes required to fix this issue, we will not be releasing updates for Focal and earlier.

Author

Note

mdeslaur

The fix for this CVE was reverted in USN-6073-6 to USN-6073-9 as it was causing problems detaching volumes. These updates may require configuration changes, see: https://discourse.ubuntu.com/t/cve-2023-2088-for-charmed-openstack/37051 https://lists.openstack.org/pipermail/openstack-discuss/2023-July/034439.html Due to the extensive changes required to fix this issue, we will not be releasing updates for Focal and earlier.

OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchcinder< 2:20.2.0-0ubuntu1.1UNKNOWN
ubuntu23.04noarchcinder< 2:22.0.0-0ubuntu1.3UNKNOWN
ubuntu22.04noarchironic< 1:20.1.0-0ubuntu1.1UNKNOWN
ubuntu23.04noarchironic< 1:21.4.0-0ubuntu1.1UNKNOWN
ubuntu22.04noarchnova< 3:25.1.1-0ubuntu1.1UNKNOWN
ubuntu23.04noarchnova< 3:27.0.0-0ubuntu1.3UNKNOWN
ubuntu22.04noarchpython-glance-store< 3.0.0-0ubuntu1.3UNKNOWN
ubuntu23.04noarchpython-glance-store< 4.3.0-0ubuntu1.3UNKNOWN
ubuntu22.04noarchpython-os-brick< 5.2.2-0ubuntu1.2UNKNOWN
ubuntu23.04noarchpython-os-brick< 6.2.0-0ubuntu2.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	22.04	noarch	cinder	< 2:20.2.0-0ubuntu1.1	UNKNOWN
ubuntu	23.04	noarch	cinder	< 2:22.0.0-0ubuntu1.3	UNKNOWN
ubuntu	22.04	noarch	ironic	< 1:20.1.0-0ubuntu1.1	UNKNOWN
ubuntu	23.04	noarch	ironic	< 1:21.4.0-0ubuntu1.1	UNKNOWN
ubuntu	22.04	noarch	nova	< 3:25.1.1-0ubuntu1.1	UNKNOWN
ubuntu	23.04	noarch	nova	< 3:27.0.0-0ubuntu1.3	UNKNOWN
ubuntu	22.04	noarch	python-glance-store	< 3.0.0-0ubuntu1.3	UNKNOWN
ubuntu	23.04	noarch	python-glance-store	< 4.3.0-0ubuntu1.3	UNKNOWN
ubuntu	22.04	noarch	python-os-brick	< 5.2.2-0ubuntu1.2	UNKNOWN
ubuntu	23.04	noarch	python-os-brick	< 6.2.0-0ubuntu2.3	UNKNOWN