Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2023-2088

Published: May 12, 2023 | Modified: Nov 07, 2023
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
9.1 CRITICAL
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2023-2088
CWEhttps://cwe.mitre.org/data/definitions/.html

A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.

Affected Software

Name Vendor Start Version End Version
Openstack Redhat - (including) - (including)
Red Hat OpenStack Platform 13.0 - ELS RedHat openstack-nova-1:17.0.13-41.el7ost *
Red Hat OpenStack Platform 13.0 - ELS RedHat python-glance-store-0:0.23.1-0.20190916165255.cc7ecc1.el7ost *
Red Hat OpenStack Platform 13.0 - ELS RedHat python-os-brick-0:2.3.9-12.el7ost *
Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS RedHat openstack-nova-1:17.0.13-41.el7ost *
Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS RedHat python-glance-store-0:0.23.1-0.20190916165255.cc7ecc1.el7ost *
Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS RedHat python-os-brick-0:2.3.9-12.el7ost *
Red Hat OpenStack Platform 16.1 RedHat openstack-cinder-1:15.4.0-1.20230510003501.58f0e73.el8ost *
Red Hat OpenStack Platform 16.1 RedHat openstack-nova-1:20.4.1-1.20221005193232.el8ost *
Red Hat OpenStack Platform 16.1 RedHat python-glance-store-0:1.0.2-1.20220219073735.el8ost *
Red Hat OpenStack Platform 16.1 RedHat python-os-brick-0:2.10.5-1.20220112193420.634fb4a.el8ost *
Red Hat OpenStack Platform 16.2 RedHat openstack-cinder-1:15.6.1-2.20230310075425.a19c1c9.el8ost *
Red Hat OpenStack Platform 16.2 RedHat openstack-nova-1:20.6.2-2.20230308185149.el8ost *
Red Hat OpenStack Platform 16.2 RedHat python-glance-store-0:1.0.2-2.20230309124927.79e043a.el8ost *
Red Hat OpenStack Platform 16.2 RedHat python-os-brick-0:2.10.8-2.20220112064936.458bfad.el8ost *
Red Hat OpenStack Platform 16.2 RedHat tripleo-ansible-0:0.8.1-2.20230309004941.el8ost *
Red Hat OpenStack Platform 17.0 RedHat openstack-cinder-1:18.2.1-0.20230509200451.1776695.el9ost *
Red Hat OpenStack Platform 17.0 RedHat openstack-nova-1:23.2.2-0.20221209190754.7074ac0.el9ost *
Red Hat OpenStack Platform 17.0 RedHat python-glance-store-0:2.5.1-0.20230509140449.5f1cee6.el9ost *
Red Hat OpenStack Platform 17.0 RedHat python-os-brick-0:4.3.3-0.20220715140803.d09dc9e.el9ost *
Red Hat OpenStack Platform 17.0 RedHat tripleo-ansible-0:3.3.1-0.20221208161844.fa5422f.el9ost *
Cinder Ubuntu bionic *
Cinder Ubuntu esm-infra/bionic *
Cinder Ubuntu esm-infra/xenial *
Cinder Ubuntu focal *
Cinder Ubuntu jammy *
Cinder Ubuntu kinetic *
Cinder Ubuntu lunar *
Cinder Ubuntu trusty *
Cinder Ubuntu upstream *
Cinder Ubuntu xenial *
Ironic Ubuntu bionic *
Ironic Ubuntu esm-apps/bionic *
Ironic Ubuntu esm-apps/focal *
Ironic Ubuntu esm-apps/jammy *
Ironic Ubuntu esm-apps/xenial *
Ironic Ubuntu focal *
Ironic Ubuntu jammy *
Ironic Ubuntu kinetic *
Ironic Ubuntu lunar *
Ironic Ubuntu trusty *
Ironic Ubuntu xenial *
Nova Ubuntu bionic *
Nova Ubuntu devel *
Nova Ubuntu esm-infra/bionic *
Nova Ubuntu esm-infra/xenial *
Nova Ubuntu focal *
Nova Ubuntu jammy *
Nova Ubuntu kinetic *
Nova Ubuntu lunar *
Nova Ubuntu trusty *
Nova Ubuntu upstream *
Nova Ubuntu xenial *
Python-glance-store Ubuntu bionic *
Python-glance-store Ubuntu esm-infra/bionic *
Python-glance-store Ubuntu esm-infra/xenial *
Python-glance-store Ubuntu focal *
Python-glance-store Ubuntu jammy *
Python-glance-store Ubuntu kinetic *
Python-glance-store Ubuntu lunar *
Python-glance-store Ubuntu trusty *
Python-glance-store Ubuntu xenial *
Python-os-brick Ubuntu bionic *
Python-os-brick Ubuntu esm-infra/bionic *
Python-os-brick Ubuntu esm-infra/xenial *
Python-os-brick Ubuntu focal *
Python-os-brick Ubuntu jammy *
Python-os-brick Ubuntu kinetic *
Python-os-brick Ubuntu lunar *
Python-os-brick Ubuntu trusty *
Python-os-brick Ubuntu xenial *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use