CVE-2023-2088

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions OpenStack (affected versions not specified)

Description A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this issue by detaching one of their volumes from Cinder. The highest impact is to confidentiality. The vulnerability is related to a lack of protection for service data, which could allow a remote attacker to disclose protected information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-440

Related Identifiers

BDU:2023-02837

CVE-2023-2088

DLA-3871-1

RHSA-2023:3156

RHSA-2023:3157

RHSA-2023:3158

RHSA-2023:3161

USN-6073-1

USN-6073-2

USN-6073-3

USN-6073-4

USN-6073-5

USN-6073-6

USN-6073-7

USN-6073-8

USN-6073-9

USN-6241-1

Affected Products

Debian

Linuxmint

Openstack

Ubuntu

CVE-2023-2088

Weakness Enumeration

Related Identifiers

Affected Products

References · 50