CVE-2023-2088
CVE-2023-2088
6.5
MediumPublished:
Last updated:
Source:secalert@redhat.com
Modified
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- Low
- User Interaction
- None
- Scope
- Unchanged
- Confidentiality
- High
- Integrity
- None
- Availability
- None
Description
A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.
References
secalert@redhat.com
https://bugs.launchpad.net/bugs/2004555secalert@redhat.com
https://security.openstack.org/ossa/OSSA-2023-003.htmlaf854a3a-2127-422b-91ae-364da2661108
https://bugs.launchpad.net/bugs/2004555af854a3a-2127-422b-91ae-364da2661108
https://lists.debian.org/debian-lts-announce/2024/09/msg00015.htmlaf854a3a-2127-422b-91ae-364da2661108
https://security.openstack.org/ossa/OSSA-2023-003.html