CVE-2023-2088Expected Behavior Violation in Redhat Openstack

CWE-440Expected Behavior ViolationCWE-826Premature Release of Resource During Expected LifetimeCWE-200Sensitive Information ExposureCWE-416Use After Free33 documents9 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 67.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Openstack CinderOpenstack NovaRedhat Openstack
Timeline
PublishedMay 12
Latest updateNov 14

Description

A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

Debianopenstack/cinder< 2:17.4.0-1~deb11u2+3
Debianopenstack/nova< 2:26.1.0-4+2
CVEListV5redhat/openstackunknown

🔴Vulnerability Details

4
OSV
cinder, ironic, nova, python-glance-store, python-os-brick vulnerability2023-07-24
GHSA
GHSA-fvf4-jv3j-73mq: A flaw was found in OpenStack due to an inconsistency between Cinder and Nova2023-05-12
CVEList
CVE-2023-2088: A flaw was found in OpenStack due to an inconsistency between Cinder and Nova2023-05-12
OSV
CVE-2023-2088: A flaw was found in OpenStack due to an inconsistency between Cinder and Nova2023-05-12

💥Exploits & PoCs

1
Exploit-DB
Filmora 12 version ( Build 1.0.0.7) - Unquoted Service Paths Privilege Escalation2023-05-25

📋Vendor Advisories

26
Microsoft
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability2023-11-14
Microsoft
Chromium: CVE-2023-5996 Use after free in WebAudio2023-11-14
Microsoft
Microsoft Edge (Chromium-based) Spoofing Vulnerability2023-11-14
Microsoft
Chromium: CVE-2023-5481 Inappropriate implementation in Downloads2023-10-10
Microsoft
Chromium: CVE-2023-5483 Inappropriate implementation in Intents2023-10-10