Main Vulnerability Database Vulnerabilities #VU76039

#VU76039 Permissions, Privileges, and Access Controls in Openstack products - CVE-2023-2088

Published: May 11, 2023

Vulnerability identifier: #VU76039

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-2088

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Cinder
Glance_store
Os-brick
Openstack Nova

Software vendor:
Openstack

Description

The vulnerability allows an attacker to gain unauthorized access to a volume.

The vulnerability exists due to the way OpenStack handles situations with volume deletions. A regular user can create an instance with a volume, and then delete the volume attachment directly in Cinder, which neglects to notify Nova.

The compute node SCSI plumbing (over iSCSI/FC) will continue trying to connect to the original host/port/LUN, not knowing the attachment has been deleted. If a subsequent volume attachment re-uses the host/port/LUN for a different instance and volume, the original instance will gain access to it once the SCSI plumbing reconnects.

Only deployments with iSCSI or FC volumes are affected.

Remediation

Install updates from vendor's website.

External links

https://security.openstack.org/ossa/OSSA-2023-003.html