PT-2020-2668 · Openstack · Openstack Manila

Tobias Rydberg · Published 2020-03-10 · Updated 2022-05-24 · CVE-2020-9543

CVSS v2.0: 9.7 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:P

Name of the Vulnerable Software and Affected Versions

OpenStack Manila versions prior to 7.4.1
OpenStack Manila versions 8.0.0 through 8.1.0
OpenStack Manila versions 9.0.0 through 9.1.0

Description

The issue allows attackers to view, update, delete, or share resources that do not belong to them due to a context-free lookup of a UUID. This can also enable the creation of resources, such as shared file systems and groups of shares on such share networks. The vulnerability is related to errors in using standard permissions, which can allow a remote attacker to gain unauthorized access to shared files if the UUID value is known.

Recommendations

For versions prior to 7.4.1, update to version 7.4.1 or later.
For versions 8.0.0 through 8.1.0, update to version 8.1.1 or later.
For versions 9.0.0 through 9.1.0, update to version 9.1.1 or later.
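
The "context-free lookup of a UUID" named in the description, shown as an added example that is not OpenStack Manila code: a lookup keyed on the UUID alone next to one that also requires the caller's project to match. Every class, method and value here is hypothetical, and the sample share networks are constructed.

```python
# Added illustration, not OpenStack Manila code; every name here is hypothetical.
from dataclasses import dataclass

class NotFound(Exception):
    pass

@dataclass(frozen=True)
class RequestContext:
    project_id: str
    is_admin: bool = False

@dataclass(frozen=True)
class ShareNetwork:
    id: str
    project_id: str

class ShareNetworkStore:
    def __init__(self, rows):
        self._rows = {row.id: row for row in rows}

    def get_unscoped(self, context, network_id):
        # Flawed pattern: context is accepted but never consulted, so
        # knowing the UUID is the only requirement.
        if network_id not in self._rows:
            raise NotFound(network_id)
        return self._rows[network_id]

    def get_scoped(self, context, network_id):
        # Corrected pattern: the caller's project is part of the lookup.
        row = self._rows.get(network_id)
        owned = row is not None and row.project_id == context.project_id
        if row is None or not (owned or context.is_admin):
            # Same error for "missing" and "not yours": no existence oracle.
            raise NotFound(network_id)
        return row

    def delete(self, context, network_id):
        # Mutations resolve the row through the scoped lookup first.
        del self._rows[self.get_scoped(context, network_id).id]

# Constructed sample data: two tenants, one share network each.
NET_A = "11111111-1111-4111-8111-111111111111"
NET_B = "22222222-2222-4222-8222-222222222222"

def make_store():
    return ShareNetworkStore(
        [ShareNetwork(NET_A, "project-a"), ShareNetwork(NET_B, "project-b")]
    )
```

Routing every read and write through the scoped lookup means a cross-project request gets the same "not found" answer as a request for a UUID that does not exist.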

Exploit

Fix

Improper Access Control

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

BDU:2020-02718
CVE-2020-9543
GHSA-JX7V-GMQC-6XRJ
PYSEC-2020-63
RHSA-2020:1326
RHSA-2020:2165
RHSA-2020:2729
SUSE-SU-2020:0659-1
SUSE-SU-2020:0660-1
SUSE-SU-2020:1066-1
SUSE-SU-2020:1190-1

Affected Products

Openstack Manila