Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-2088

A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.

Published

2023-05-12T21:15:09.430

Last Modified

2025-01-24T16:15:31.020

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-440
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	openstack	-	Yes

References

https://bugs.launchpad.net/bugs/2004555 Issue Tracking ([email protected])
https://security.openstack.org/ossa/OSSA-2023-003.html ([email protected])
https://bugs.launchpad.net/bugs/2004555 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://security.openstack.org/ossa/OSSA-2023-003.html (af854a3a-2127-422b-91ae-364da2661108)