CVE-2023-2088

EUVD-2023-33614
A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 6.5 MEDIUM | NETWORK | LOW | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| CISA-ADP | ADP | 6.5 MEDIUM | NETWORK | LOW | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
EPSS Score Percentile: 43%
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| redhat | openstack | - |
Debian Releases
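| Debian Product | Codename | Version | Status |
|---|---|---|---|
| cinder | bookworm | 2:21.3.1-1~deb12u1 | fixed |
| cinder | bookworm (security) | 2:21.3.1-1~deb12u1 | fixed |
| cinder | bullseye | | no-dsa |
| cinder | bullseye (security) | 2:17.4.0-1~deb11u2 | fixed |
| cinder | buster | | no-dsa |
| cinder | sid | 2:25.0.0-5 | fixed |
| cinder | trixie | 2:25.0.0-2 | fixed |
| nova | bookworm | 2:26.2.2-1~deb12u3 | fixed |
| nova | bookworm (security) | 2:26.2.2-1~deb12u3 | fixed |
| nova | bullseye | | no-dsa |
| nova | bullseye (security) | | vulnerable |
| nova | buster | | no-dsa |
| nova | sid | 2:30.0.0-5 | fixed |
| nova | trixie | 2:30.0.0-4 | fixed |
| python-glance-store | bookworm | 4.1.0-4 | fixed |
| python-glance-store | bullseye | | no-dsa |
| python-glance-store | buster | | no-dsa |
| python-glance-store | sid | 4.8.1-3 | fixed |
| python-glance-store | trixie | 4.8.1-3 | fixed |
| python-os-brick | bookworm | 6.1.0-3 | fixed |
| python-os-brick | bullseye | | no-dsa |
| python-os-brick | buster | | no-dsa |
| python-os-brick | sid | 6.9.0-3 | fixed |
| python-os-brick | trixie | 6.9.0-3 | fixed |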
Ubuntu Releases
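| Ubuntu Product | Codename | Fixed version | Status |
|---|---|---|---|
| cinder | bionic | | ignored |
| cinder | focal | | ignored |
| cinder | jammy | 2:20.2.0-0ubuntu1.1 | released |
| cinder | kinetic | | ignored |
| cinder | lunar | 2:22.0.0-0ubuntu1.3 | released |
| cinder | trusty | | ignored |
| cinder | xenial | | ignored |
| ironic | bionic | | ignored |
| ironic | focal | | ignored |
| ironic | jammy | 1:20.1.0-0ubuntu1.1 | released |
| ironic | kinetic | | ignored |
| ironic | lunar | 1:21.4.0-0ubuntu1.1 | released |
| ironic | trusty | | ignored |
| ironic | xenial | | ignored |
| nova | bionic | | ignored |
| nova | focal | | ignored |
| nova | jammy | 3:25.1.1-0ubuntu1.1 | released |
| nova | kinetic | | ignored |
| nova | lunar | 3:27.0.0-0ubuntu1.3 | released |
| nova | trusty | | ignored |
| nova | xenial | | ignored |
| python-glance-store | bionic | | ignored |
| python-glance-store | focal | | ignored |
| python-glance-store | jammy | 3.0.0-0ubuntu1.3 | released |
| python-glance-store | kinetic | | ignored |
| python-glance-store | lunar | 4.3.0-0ubuntu1.3 | released |
| python-glance-store | trusty | | ignored |
| python-glance-store | xenial | | ignored |
| python-os-brick | bionic | | ignored |
| python-os-brick | focal | | ignored |
| python-os-brick | jammy | 5.2.2-0ubuntu1.2 | released |
| python-os-brick | kinetic | | ignored |
| python-os-brick | lunar | 6.2.0-0ubuntu2.3 | released |
| python-os-brick | trusty | | ignored |
| python-os-brick | xenial | | ignored |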