CVE-2023-2088
published 2023-05-12CVE-2023-2088: A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote…
medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | cinder | < cinder 2:21.1.0-3 (bookworm) | cinder 2:21.1.0-3 (bookworm) |
| debian | nova | < cinder 2:21.1.0-3 (bookworm) | cinder 2:21.1.0-3 (bookworm) |
| debian | python-glance-store | < cinder 2:21.1.0-3 (bookworm) | cinder 2:21.1.0-3 (bookworm) |
| debian | python-os-brick | < cinder 2:21.1.0-3 (bookworm) | cinder 2:21.1.0-3 (bookworm) |
| msrc | microsoft_edge | — | — |
| msrc | microsoft_edge_extended_stable | — | — |
| msrc | microsoft_edge_for_android | — | — |
| openstack | cinder | >= 0 < 2:17.4.0-1~deb11u2 | 2:17.4.0-1~deb11u2 |
| openstack | cinder | >= 0 < 2:21.1.0-3 | 2:21.1.0-3 |
| openstack | cinder | >= 0 < 2:21.1.0-3 | 2:21.1.0-3 |
| openstack | cinder | >= 0 < 2:21.1.0-3 | 2:21.1.0-3 |
| openstack | cinder | >= 0 < 2:20.2.0-0ubuntu1.1 | 2:20.2.0-0ubuntu1.1 |
| openstack | ironic | >= 0 < 1:20.1.0-0ubuntu1.1 | 1:20.1.0-0ubuntu1.1 |
| openstack | nova | >= 0 < 2:26.1.0-4 | 2:26.1.0-4 |
| openstack | nova | >= 0 < 2:26.1.0-4 | 2:26.1.0-4 |
| openstack | nova | >= 0 < 2:26.1.0-4 | 2:26.1.0-4 |
| openstack | nova | >= 0 < 3:25.1.1-0ubuntu1.1 | 3:25.1.1-0ubuntu1.1 |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
osv6.5MEDIUM