Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2020-10731

Published: Jul 31, 2020 | Modified: Oct 19, 2021
CVSS 3.x
9.9
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
9.9 IMPORTANT
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2020-10731
CWEhttps://cwe.mitre.org/data/definitions/.html

A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation mechanism, to be disabled for all running virtual machines.

Affected Software

Name Vendor Start Version End Version
Openstack_platform Redhat 15.0 (including) 15.0 (including)
Openstack_platform Redhat 16.0 (including) 16.0 (including)
Openstack_platform Redhat 16.1 (including) 16.1 (including)
Red Hat OpenStack Platform 15.0 (Stein) RedHat openstack-tripleo-heat-templates-0:10.6.3-0.20200113185561.cf467ea.el8ost *
Red Hat OpenStack Platform 15.0 (Stein) RedHat python-paunch-0:4.5.3-0.20200108190460.3c38fe6.el8ost *
Red Hat OpenStack Platform 16.0 (Train) RedHat openstack-tripleo-heat-templates-0:11.3.2-0.20200405044628.ec9970c.el8ost *
Red Hat OpenStack Platform 16.0 (Train) RedHat python-paunch-0:5.3.2-0.20200320172310.ebc49c4.el8ost *
Red Hat OpenStack Platform 16.1 RedHat openstack-tripleo-heat-templates-0:11.3.2-0.20200616081532.396affd.el8ost *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use