Tobias Rydberg

**Name of the Vulnerable Software and Affected Versions** OpenStack Manila versions prior to 7.4.1 OpenStack Manila versions 8.0.0 through 8.1.0 OpenStack Manila versions 9.0.0 through 9.1.0 **Description** The issue allows attackers to view, update, delete, or share resources that do not belong to them due to a context-free lookup of a `UUID`. This can also enable the creation of resources, such as shared file systems and groups of shares on such share networks. The vulnerability is related to errors in using standard permissions, which can allow a remote attacker to gain unauthorized access to shared files if the `UUID` value is known. **Recommendations** For versions prior to 7.4.1, update to version 7.4.1 or later. For versions 8.0.0 through 8.1.0, update to version 8.1.1 or later. For versions 9.0.0 through 9.1.0, update to version 9.1.1 or later.