PT-2023-2882 · Openstack+3 · Openstack+3

Gorka Eguileor

Publicado

2023-05-10

Atualizado

2024-09-05

CVE-2023-2088

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions OpenStack (affected versions not specified)

Description A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this issue by detaching one of their volumes from Cinder. The highest impact is to confidentiality. The vulnerability is related to a lack of protection for service data, which could allow a remote attacker to disclose protected information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this issue.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200CWE-440

Identificadores relacionados

BDU:2023-02837

CVE-2023-2088

DLA-3871-1

RHSA-2023:3156

RHSA-2023:3157

RHSA-2023:3158

RHSA-2023:3161

USN-6073-1

USN-6073-2

USN-6073-3

USN-6073-4

USN-6073-5

USN-6073-6

USN-6073-7

USN-6073-8

USN-6073-9

USN-6241-1

Produtos afetados

Debian

Linuxmint

Openstack

Ubuntu

PT-2023-2882 · Openstack+3 · Openstack+3

CVE-2023-2088

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 50