Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-9543 (GCVE-0-2020-9543)
Vulnerability from cvelistv5 – Published: 2020-03-12 16:40 – Updated: 2024-08-04 10:34
VLAI?
EPSS
Summary
OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://bugs.launchpad.net/manila/+bug/1861485 | x_refsource_MISC |
| https://security.openstack.org/ossa/OSSA-2020-002.html | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2020/03/12/1 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2020/03/12/1 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:34:38.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/manila/+bug/1861485"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.openstack.org/ossa/OSSA-2020-002.html"
},
{
"name": "[oss-security] 20200311 [OSSA-2020-002] Manila: Unprivileged users can retrieve, use and manipulate share networks (CVE-2020-9543)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/03/12/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/03/12/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenStack Manila \u003c7.4.1, \u003e=8.0.0 \u003c8.1.1, and \u003e=9.0.0 \u003c9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-12T16:40:49.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/manila/+bug/1861485"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.openstack.org/ossa/OSSA-2020-002.html"
},
{
"name": "[oss-security] 20200311 [OSSA-2020-002] Manila: Unprivileged users can retrieve, use and manipulate share networks (CVE-2020-9543)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/03/12/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openwall.com/lists/oss-security/2020/03/12/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenStack Manila \u003c7.4.1, \u003e=8.0.0 \u003c8.1.1, and \u003e=9.0.0 \u003c9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/manila/+bug/1861485",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/manila/+bug/1861485"
},
{
"name": "https://security.openstack.org/ossa/OSSA-2020-002.html",
"refsource": "CONFIRM",
"url": "https://security.openstack.org/ossa/OSSA-2020-002.html"
},
{
"name": "[oss-security] 20200311 [OSSA-2020-002] Manila: Unprivileged users can retrieve, use and manipulate share networks (CVE-2020-9543)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/03/12/1"
},
{
"name": "http://www.openwall.com/lists/oss-security/2020/03/12/1",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2020/03/12/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9543",
"datePublished": "2020-03-12T16:40:20.000Z",
"dateReserved": "2020-03-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:34:38.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-9543",
"date": "2026-05-24",
"epss": "0.00272",
"percentile": "0.50629"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openstack:manila:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.4.1\", \"matchCriteriaId\": \"83E27DF7-877D-4D0E-86D7-4D4B1463B97F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openstack:manila:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.0\", \"versionEndExcluding\": \"8.1.1\", \"matchCriteriaId\": \"3460FC85-381C-4BFD-9EEA-CCA46FA9FDD5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openstack:manila:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.0.0\", \"versionEndExcluding\": \"9.1.1\", \"matchCriteriaId\": \"2998594D-0B58-4E08-8508-DB1E4DD35CC1\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"OpenStack Manila \u003c7.4.1, \u003e=8.0.0 \u003c8.1.1, and \u003e=9.0.0 \u003c9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks.\"}, {\"lang\": \"es\", \"value\": \"OpenStack Manila versiones anteriores a 7.4.1, versiones posteriores a 8.0.0 incluy\\u00e9ndola y anteriores a 8.1.1, y versiones posteriores a 9.0.0 incluy\\u00e9ndola y anteriores a 9.1.1, permite a atacantes visualizar, actualizar, eliminar o compartir recursos que no les pertenecen, debido a una b\\u00fasqueda sin contexto de un UUID. Los atacantes tambi\\u00e9n pueden crear recursos, tales como sistemas de archivos compartidos y grupos de intercambio sobre esas redes compartidas.\"}]",
"id": "CVE-2020-9543",
"lastModified": "2024-11-21T05:40:49.683",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L\", \"baseScore\": 8.3, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.5}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2020-03-12T17:15:11.077",
"references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2020/03/12/1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2020/03/12/1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://bugs.launchpad.net/manila/+bug/1861485\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://security.openstack.org/ossa/OSSA-2020-002.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2020/03/12/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2020/03/12/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://bugs.launchpad.net/manila/+bug/1861485\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://security.openstack.org/ossa/OSSA-2020-002.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-276\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-9543\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-03-12T17:15:11.077\",\"lastModified\":\"2024-11-21T05:40:49.683\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenStack Manila \u003c7.4.1, \u003e=8.0.0 \u003c8.1.1, and \u003e=9.0.0 \u003c9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks.\"},{\"lang\":\"es\",\"value\":\"OpenStack Manila versiones anteriores a 7.4.1, versiones posteriores a 8.0.0 incluy\u00e9ndola y anteriores a 8.1.1, y versiones posteriores a 9.0.0 incluy\u00e9ndola y anteriores a 9.1.1, permite a atacantes visualizar, actualizar, eliminar o compartir recursos que no les pertenecen, debido a una b\u00fasqueda sin contexto de un UUID. Los atacantes tambi\u00e9n pueden crear recursos, tales como sistemas de archivos compartidos y grupos de intercambio sobre esas redes compartidas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L\",\"baseScore\":8.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":5.5}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-276\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openstack:manila:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.4.1\",\"matchCriteriaId\":\"83E27DF7-877D-4D0E-86D7-4D4B1463B97F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openstack:manila:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.1.1\",\"matchCriteriaId\":\"3460FC85-381C-4BFD-9EEA-CCA46FA9FDD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openstack:manila:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.1.1\",\"matchCriteriaId\":\"2998594D-0B58-4E08-8508-DB1E4DD35CC1\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2020/03/12/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2020/03/12/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bugs.launchpad.net/manila/+bug/1861485\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://security.openstack.org/ossa/OSSA-2020-002.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2020/03/12/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2020/03/12/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bugs.launchpad.net/manila/+bug/1861485\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://security.openstack.org/ossa/OSSA-2020-002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
BDU:2020-02718
Vulnerability from fstec - Published: 12.03.2020
VLAI Severity ?
Title
Уязвимость программного средства для общего доступа к файлам openstack-manila, связанная с ошибками использования стандартных разрешений, позволяющая нарушителю получить несанкционированный доступ к общим файлам
Description
Уязвимость программного средства для общего доступа к файлам openstack-manila связана с ошибками использования стандартных разрешений. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, получить несанкционированный доступ к общим файлам, если известно значение UUID
Severity ?
Vendor
Novell Inc., Red Hat Inc., Сообщество свободного программного обеспечения
Software Name
SUSE OpenStack Cloud, HPE Helion Openstack, Red Hat OpenStack Platform, OpenStack Manila
Software Version
8 (SUSE OpenStack Cloud), Crowbar 8 (SUSE OpenStack Cloud), 8 (HPE Helion Openstack), 9 (SUSE OpenStack Cloud), Crowbar 9 (SUSE OpenStack Cloud), 15.0 (Stein) (Red Hat OpenStack Platform), 16.0 (Train) (Red Hat OpenStack Platform), от 8.0.0 до 8.1.1 (OpenStack Manila), от 9.0.0 до 9.1.1 (OpenStack Manila)
Possible Mitigations
Использование рекомендаций:
Для OpenStack Manila:
https://security.openstack.org/ossa/OSSA-2020-002.html
Для программных продуктов Novell Inc.:
https://www.suse.com/support/update/announcement/2020/suse-su-20200660-1/
https://www.suse.com/security/cve/CVE-2020-9543/
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/cve-2020-9543
Reference
https://www.suse.com/support/update/announcement/2020/suse-su-20200660-1/
https://www.suse.com/security/cve/CVE-2020-9543/
https://access.redhat.com/security/cve/cve-2020-9543
https://nvd.nist.gov/vuln/detail/CVE-2020-9543
https://www.openwall.com/lists/oss-security/2020/03/12/1
https://security.openstack.org/ossa/OSSA-2020-002.html
https://bugs.launchpad.net/manila/+bug/1861485
CWE
CWE-276, CWE-284
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:P",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Novell Inc., Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "8 (SUSE OpenStack Cloud), Crowbar 8 (SUSE OpenStack Cloud), 8 (HPE Helion Openstack), 9 (SUSE OpenStack Cloud), Crowbar 9 (SUSE OpenStack Cloud), 15.0 (Stein) (Red Hat OpenStack Platform), 16.0 (Train) (Red Hat OpenStack Platform), \u043e\u0442 8.0.0 \u0434\u043e 8.1.1 (OpenStack Manila), \u043e\u0442 9.0.0 \u0434\u043e 9.1.1 (OpenStack Manila)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f OpenStack Manila:\nhttps://security.openstack.org/ossa/OSSA-2020-002.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/support/update/announcement/2020/suse-su-20200660-1/\nhttps://www.suse.com/security/cve/CVE-2020-9543/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2020-9543",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "12.03.2020",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "13.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "10.06.2020",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-02718",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-9543",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "SUSE OpenStack Cloud, HPE Helion Openstack, Red Hat OpenStack Platform, OpenStack Manila",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0434\u043b\u044f \u043e\u0431\u0449\u0435\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0444\u0430\u0439\u043b\u0430\u043c openstack-manila, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0445 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0439, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043e\u0431\u0449\u0438\u043c \u0444\u0430\u0439\u043b\u0430\u043c",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0435 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0435 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u044f (CWE-276), \u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (CWE-284)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0434\u043b\u044f \u043e\u0431\u0449\u0435\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0444\u0430\u0439\u043b\u0430\u043c openstack-manila \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0445 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0439. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043e\u0431\u0449\u0438\u043c \u0444\u0430\u0439\u043b\u0430\u043c, \u0435\u0441\u043b\u0438 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 UUID",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.suse.com/support/update/announcement/2020/suse-su-20200660-1/\nhttps://www.suse.com/security/cve/CVE-2020-9543/\nhttps://access.redhat.com/security/cve/cve-2020-9543\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-9543\nhttps://www.openwall.com/lists/oss-security/2020/03/12/1\nhttps://security.openstack.org/ossa/OSSA-2020-002.html\nhttps://bugs.launchpad.net/manila/+bug/1861485",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-276, CWE-284",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,7)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,4)"
}
CNVD-2020-19920
Vulnerability from cnvd - Published: 2020-03-27
VLAI Severity ?
Title
OpenStack Manila越权漏洞
Description
OpenStack是美国国家航空航天局(National Aeronautics and Space Administration)和美国Rackspace公司合作研发的一个云平台管理项目。
OpenStack Manila 7.4.1之前版本、8.0.0版本至8.1.1之前版本和9.0.0版本至9.1.1之前版本中存在安全漏洞。攻击者可利用该漏洞洞查看、更新、删除或共享不属于它们的资源。
Severity
高
Patch Name
OpenStack Manila越权漏洞的补丁
Patch Description
OpenStack是美国国家航空航天局(National Aeronautics and Space Administration)和美国Rackspace公司合作研发的一个云平台管理项目。
OpenStack Manila 7.4.1之前版本、8.0.0版本至8.1.1之前版本和9.0.0版本至9.1.1之前版本中存在安全漏洞。攻击者可利用该漏洞洞查看、更新、删除或共享不属于它们的资源。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://security.openstack.org/ossa/OSSA-2020-002.html
Reference
https://nvd.nist.gov/vuln/detail/CVE-2020-9543
Impacted products
| Name | ['National Aeronautics and Space Administration OpenStack Manila <7.4.1', 'National Aeronautics and Space Administration OpenStack Manila >=8.0.0,<=8.1.1', 'National Aeronautics and Space Administration OpenStack Manila >=9.0.0,<=9.1.1'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-9543",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-9543"
}
},
"description": "OpenStack\u662f\u7f8e\u56fd\u56fd\u5bb6\u822a\u7a7a\u822a\u5929\u5c40\uff08National Aeronautics and Space Administration\uff09\u548c\u7f8e\u56fdRackspace\u516c\u53f8\u5408\u4f5c\u7814\u53d1\u7684\u4e00\u4e2a\u4e91\u5e73\u53f0\u7ba1\u7406\u9879\u76ee\u3002\n\nOpenStack Manila 7.4.1\u4e4b\u524d\u7248\u672c\u30018.0.0\u7248\u672c\u81f38.1.1\u4e4b\u524d\u7248\u672c\u548c9.0.0\u7248\u672c\u81f39.1.1\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6d1e\u67e5\u770b\u3001\u66f4\u65b0\u3001\u5220\u9664\u6216\u5171\u4eab\u4e0d\u5c5e\u4e8e\u5b83\u4eec\u7684\u8d44\u6e90\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://security.openstack.org/ossa/OSSA-2020-002.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-19920",
"openTime": "2020-03-27",
"patchDescription": "OpenStack\u662f\u7f8e\u56fd\u56fd\u5bb6\u822a\u7a7a\u822a\u5929\u5c40\uff08National Aeronautics and Space Administration\uff09\u548c\u7f8e\u56fdRackspace\u516c\u53f8\u5408\u4f5c\u7814\u53d1\u7684\u4e00\u4e2a\u4e91\u5e73\u53f0\u7ba1\u7406\u9879\u76ee\u3002\r\n\r\nOpenStack Manila 7.4.1\u4e4b\u524d\u7248\u672c\u30018.0.0\u7248\u672c\u81f38.1.1\u4e4b\u524d\u7248\u672c\u548c9.0.0\u7248\u672c\u81f39.1.1\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6d1e\u67e5\u770b\u3001\u66f4\u65b0\u3001\u5220\u9664\u6216\u5171\u4eab\u4e0d\u5c5e\u4e8e\u5b83\u4eec\u7684\u8d44\u6e90\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "OpenStack Manila\u8d8a\u6743\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"National Aeronautics and Space Administration OpenStack Manila \u003c7.4.1",
"National Aeronautics and Space Administration OpenStack Manila \u003e=8.0.0\uff0c\u003c=8.1.1",
"National Aeronautics and Space Administration OpenStack Manila \u003e=9.0.0\uff0c\u003c=9.1.1"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-9543",
"serverity": "\u9ad8",
"submitTime": "2020-03-25",
"title": "OpenStack Manila\u8d8a\u6743\u6f0f\u6d1e"
}
FKIE_CVE-2020-9543
Vulnerability from fkie_nvd - Published: 2020-03-12 17:15 - Updated: 2024-11-21 05:40
Severity ?
Summary
OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2020/03/12/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2020/03/12/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | https://bugs.launchpad.net/manila/+bug/1861485 | Exploit, Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://security.openstack.org/ossa/OSSA-2020-002.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2020/03/12/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2020/03/12/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/manila/+bug/1861485 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.openstack.org/ossa/OSSA-2020-002.html | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:manila:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83E27DF7-877D-4D0E-86D7-4D4B1463B97F",
"versionEndExcluding": "7.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:manila:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3460FC85-381C-4BFD-9EEA-CCA46FA9FDD5",
"versionEndExcluding": "8.1.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:manila:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2998594D-0B58-4E08-8508-DB1E4DD35CC1",
"versionEndExcluding": "9.1.1",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenStack Manila \u003c7.4.1, \u003e=8.0.0 \u003c8.1.1, and \u003e=9.0.0 \u003c9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks."
},
{
"lang": "es",
"value": "OpenStack Manila versiones anteriores a 7.4.1, versiones posteriores a 8.0.0 incluy\u00e9ndola y anteriores a 8.1.1, y versiones posteriores a 9.0.0 incluy\u00e9ndola y anteriores a 9.1.1, permite a atacantes visualizar, actualizar, eliminar o compartir recursos que no les pertenecen, debido a una b\u00fasqueda sin contexto de un UUID. Los atacantes tambi\u00e9n pueden crear recursos, tales como sistemas de archivos compartidos y grupos de intercambio sobre esas redes compartidas."
}
],
"id": "CVE-2020-9543",
"lastModified": "2024-11-21T05:40:49.683",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-12T17:15:11.077",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/03/12/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/03/12/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/manila/+bug/1861485"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://security.openstack.org/ossa/OSSA-2020-002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/03/12/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/03/12/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/manila/+bug/1861485"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://security.openstack.org/ossa/OSSA-2020-002.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-JX7V-GMQC-6XRJ
Vulnerability from github – Published: 2022-05-24 17:11 – Updated: 2024-09-30 16:53
VLAI?
Summary
OpenStack Manila Unprivileged users can retrieve, use and manipulate share networks
Details
OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks.
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "manila"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "manila"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.1.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "manila"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0"
},
{
"fixed": "9.1.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-9543"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-29T10:21:22Z",
"nvd_published_at": "2020-03-12T17:15:00Z",
"severity": "HIGH"
},
"details": "OpenStack Manila \u003c7.4.1, \u003e=8.0.0 \u003c8.1.1, and \u003e=9.0.0 \u003c9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks.",
"id": "GHSA-jx7v-gmqc-6xrj",
"modified": "2024-09-30T16:53:20Z",
"published": "2022-05-24T17:11:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9543"
},
{
"type": "WEB",
"url": "https://github.com/openstack/manila/commit/947315f0903c823b0fdd9d99c60078814587272c"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/manila/+bug/1861485"
},
{
"type": "PACKAGE",
"url": "https://github.com/openstack/manila"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/manila/PYSEC-2020-63.yaml"
},
{
"type": "WEB",
"url": "https://opendev.org/openstack/manila/commit/947315f0903c823b0fdd9d99c60078814587272c"
},
{
"type": "WEB",
"url": "https://security.openstack.org/ossa/OSSA-2020-002.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/03/12/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenStack Manila Unprivileged users can retrieve, use and manipulate share networks"
}
GSD-2020-9543
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-9543",
"description": "OpenStack Manila \u003c7.4.1, \u003e=8.0.0 \u003c8.1.1, and \u003e=9.0.0 \u003c9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks.",
"id": "GSD-2020-9543",
"references": [
"https://www.suse.com/security/cve/CVE-2020-9543.html",
"https://access.redhat.com/errata/RHSA-2020:2729",
"https://access.redhat.com/errata/RHSA-2020:2165",
"https://access.redhat.com/errata/RHSA-2020:1326"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-9543"
],
"details": "OpenStack Manila \u003c7.4.1, \u003e=8.0.0 \u003c8.1.1, and \u003e=9.0.0 \u003c9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks.",
"id": "GSD-2020-9543",
"modified": "2023-12-13T01:21:52.618118Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenStack Manila \u003c7.4.1, \u003e=8.0.0 \u003c8.1.1, and \u003e=9.0.0 \u003c9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/manila/+bug/1861485",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/manila/+bug/1861485"
},
{
"name": "https://security.openstack.org/ossa/OSSA-2020-002.html",
"refsource": "CONFIRM",
"url": "https://security.openstack.org/ossa/OSSA-2020-002.html"
},
{
"name": "[oss-security] 20200311 [OSSA-2020-002] Manila: Unprivileged users can retrieve, use and manipulate share networks (CVE-2020-9543)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/03/12/1"
},
{
"name": "http://www.openwall.com/lists/oss-security/2020/03/12/1",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2020/03/12/1"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openstack:manila:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.4.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openstack:manila:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.1.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openstack:manila:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.1.1",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9543"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "OpenStack Manila \u003c7.4.1, \u003e=8.0.0 \u003c8.1.1, and \u003e=9.0.0 \u003c9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/manila/+bug/1861485",
"refsource": "MISC",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/manila/+bug/1861485"
},
{
"name": "[oss-security] 20200311 [OSSA-2020-002] Manila: Unprivileged users can retrieve, use and manipulate share networks (CVE-2020-9543)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/03/12/1"
},
{
"name": "https://security.openstack.org/ossa/OSSA-2020-002.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://security.openstack.org/ossa/OSSA-2020-002.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5
}
},
"lastModifiedDate": "2020-07-14T17:27Z",
"publishedDate": "2020-03-12T17:15Z"
}
}
}
PYSEC-2020-63
Vulnerability from pysec - Published: 2020-03-12 17:15 - Updated: 2020-07-14 17:27
VLAI?
Details
OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks.
Impacted products
| Name | purl | manila | pkg:pypi/manila |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "manila",
"purl": "pkg:pypi/manila"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.1"
},
{
"introduced": "8.0.0"
},
{
"fixed": "8.1.1"
},
{
"introduced": "9.0.0"
},
{
"fixed": "9.1.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.0.2",
"5.0.2",
"5.0.3",
"5.1.0",
"6.1.0",
"6.2.0",
"6.3.0",
"6.3.1",
"6.3.2",
"7.0.0",
"7.1.0",
"7.2.0",
"7.3.0",
"7.4.0",
"8.0.0",
"8.0.1",
"8.1.0",
"9.0.0",
"9.1.0"
]
}
],
"aliases": [
"CVE-2020-9543"
],
"details": "OpenStack Manila \u003c7.4.1, \u003e=8.0.0 \u003c8.1.1, and \u003e=9.0.0 \u003c9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks.",
"id": "PYSEC-2020-63",
"modified": "2020-07-14T17:27:00Z",
"published": "2020-03-12T17:15:00Z",
"references": [
{
"type": "WEB",
"url": "https://bugs.launchpad.net/manila/+bug/1861485"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/03/12/1"
},
{
"type": "WEB",
"url": "https://security.openstack.org/ossa/OSSA-2020-002.html"
}
]
}
RHSA-2020:1326
Vulnerability from csaf_redhat - Published: 2020-04-06 09:03 - Updated: 2025-11-21 18:13Summary
Red Hat Security Advisory: openstack-manila security update
Severity
Moderate
Notes
Topic: An update for openstack-manila is now available for Red Hat OpenStack
Platform 15 (Stein).
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details: OpenStack Shared Filesystem Service (Manila) provides services to manage network filesystems for use by Virtual Machine instances.
Security Fix(es):
* User with share-network UUID is able to show create and delete shares
(CVE-2020-9543)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
An access flaw was found in openstack-manila, where the API did not validate the user/project on commands. A malicious user having the UUID of a share-network could view, update, delete, or share resources that did not belong to them. Attackers could also create resources on shared networks (for example, shared file systems or groups of shares).
8.3 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-15.0:openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-15.0:openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-15.0:openstack-manila-share-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-15.0:python3-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
9 references
Acknowledgments
the OpenStack Manila project
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openstack-manila is now available for Red Hat OpenStack\nPlatform 15 (Stein).\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenStack Shared Filesystem Service (Manila) provides services to manage network filesystems for use by Virtual Machine instances.\n\nSecurity Fix(es):\n\n* User with share-network UUID is able to show create and delete shares\n(CVE-2020-9543)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:1326",
"url": "https://access.redhat.com/errata/RHSA-2020:1326"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1809855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1809855"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1326.json"
}
],
"title": "Red Hat Security Advisory: openstack-manila security update",
"tracking": {
"current_release_date": "2025-11-21T18:13:23+00:00",
"generator": {
"date": "2025-11-21T18:13:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2020:1326",
"initial_release_date": "2020-04-06T09:03:11+00:00",
"revision_history": [
{
"date": "2020-04-06T09:03:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-04-06T09:03:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:13:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 15.0",
"product": {
"name": "Red Hat OpenStack Platform 15.0",
"product_id": "8Base-RHOS-15.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:15::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"product": {
"name": "openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"product_id": "openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-manila@8.1.1-0.20200311070441.17b29e2.el8ost?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openstack-manila-share-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"product": {
"name": "openstack-manila-share-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"product_id": "openstack-manila-share-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-manila-share@8.1.1-0.20200311070441.17b29e2.el8ost?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "python3-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"product": {
"name": "python3-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"product_id": "python3-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-manila@8.1.1-0.20200311070441.17b29e2.el8ost?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.src",
"product": {
"name": "openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.src",
"product_id": "openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-manila@8.1.1-0.20200311070441.17b29e2.el8ost?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch as a component of Red Hat OpenStack Platform 15.0",
"product_id": "8Base-RHOS-15.0:openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch"
},
"product_reference": "openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"relates_to_product_reference": "8Base-RHOS-15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.src as a component of Red Hat OpenStack Platform 15.0",
"product_id": "8Base-RHOS-15.0:openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.src"
},
"product_reference": "openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.src",
"relates_to_product_reference": "8Base-RHOS-15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-manila-share-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch as a component of Red Hat OpenStack Platform 15.0",
"product_id": "8Base-RHOS-15.0:openstack-manila-share-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch"
},
"product_reference": "openstack-manila-share-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"relates_to_product_reference": "8Base-RHOS-15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch as a component of Red Hat OpenStack Platform 15.0",
"product_id": "8Base-RHOS-15.0:python3-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch"
},
"product_reference": "python3-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"relates_to_product_reference": "8Base-RHOS-15.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the OpenStack Manila project"
]
}
],
"cve": "CVE-2020-9543",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2020-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1809855"
}
],
"notes": [
{
"category": "description",
"text": "An access flaw was found in openstack-manila, where the API did not validate the user/project on commands. A malicious user having the UUID of a share-network could view, update, delete, or share resources that did not belong to them. Attackers could also create resources on shared networks (for example, shared file systems or groups of shares).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openstack-manila: User with share-network UUID is able to show, create and delete shares",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-15.0:openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"8Base-RHOS-15.0:openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.src",
"8Base-RHOS-15.0:openstack-manila-share-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"8Base-RHOS-15.0:python3-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9543"
},
{
"category": "external",
"summary": "RHBZ#1809855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1809855"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9543",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9543"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9543",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9543"
},
{
"category": "external",
"summary": "https://security.openstack.org/ossa/OSSA-2020-002.html",
"url": "https://security.openstack.org/ossa/OSSA-2020-002.html"
}
],
"release_date": "2020-03-10T15:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-06T09:03:11+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-15.0:openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"8Base-RHOS-15.0:openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.src",
"8Base-RHOS-15.0:openstack-manila-share-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"8Base-RHOS-15.0:python3-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1326"
},
{
"category": "workaround",
"details": "There is no known mitigation for this issue, the flaw can only be resolved by applying updates.",
"product_ids": [
"8Base-RHOS-15.0:openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"8Base-RHOS-15.0:openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.src",
"8Base-RHOS-15.0:openstack-manila-share-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"8Base-RHOS-15.0:python3-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOS-15.0:openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"8Base-RHOS-15.0:openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.src",
"8Base-RHOS-15.0:openstack-manila-share-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"8Base-RHOS-15.0:python3-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openstack-manila: User with share-network UUID is able to show, create and delete shares"
}
]
}
RHSA-2020:2165
Vulnerability from csaf_redhat - Published: 2020-05-14 12:08 - Updated: 2025-11-21 18:14Summary
Red Hat Security Advisory: openstack-manila security update
Severity
Moderate
Notes
Topic: An update for openstack-manila is now available for Red Hat OpenStack
Platform 16 (Train).
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details: OpenStack Shared Filesystem Service (Manila) provides services to manage network filesystems for use by Virtual Machine instances.
Security Fix(es):
* User with share-network UUID is able to show create and delete shares
(CVE-2020-9543)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
An access flaw was found in openstack-manila, where the API did not validate the user/project on commands. A malicious user having the UUID of a share-network could view, update, delete, or share resources that did not belong to them. Attackers could also create resources on shared networks (for example, shared file systems or groups of shares).
8.3 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.0:openstack-manila-1:9.1.2-0.20200405045746.f071a43.el8ost.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.0:openstack-manila-1:9.1.2-0.20200405045746.f071a43.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.0:openstack-manila-share-1:9.1.2-0.20200405045746.f071a43.el8ost.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.0:python3-manila-1:9.1.2-0.20200405045746.f071a43.el8ost.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
10 references
Acknowledgments
the OpenStack Manila project
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openstack-manila is now available for Red Hat OpenStack\nPlatform 16 (Train).\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenStack Shared Filesystem Service (Manila) provides services to manage network filesystems for use by Virtual Machine instances.\n\nSecurity Fix(es):\n\n* User with share-network UUID is able to show create and delete shares\n(CVE-2020-9543)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:2165",
"url": "https://access.redhat.com/errata/RHSA-2020:2165"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1809855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1809855"
},
{
"category": "external",
"summary": "1824519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824519"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2165.json"
}
],
"title": "Red Hat Security Advisory: openstack-manila security update",
"tracking": {
"current_release_date": "2025-11-21T18:14:22+00:00",
"generator": {
"date": "2025-11-21T18:14:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2020:2165",
"initial_release_date": "2020-05-14T12:08:41+00:00",
"revision_history": [
{
"date": "2020-05-14T12:08:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-05-14T12:08:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:14:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 16.0",
"product": {
"name": "Red Hat OpenStack Platform 16.0",
"product_id": "8Base-RHOS-16.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:16::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "openstack-manila-1:9.1.2-0.20200405045746.f071a43.el8ost.noarch",
"product": {
"name": "openstack-manila-1:9.1.2-0.20200405045746.f071a43.el8ost.noarch",
"product_id": "openstack-manila-1:9.1.2-0.20200405045746.f071a43.el8ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-manila@9.1.2-0.20200405045746.f071a43.el8ost?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openstack-manila-share-1:9.1.2-0.20200405045746.f071a43.el8ost.noarch",
"product": {
"name": "openstack-manila-share-1:9.1.2-0.20200405045746.f071a43.el8ost.noarch",
"product_id": "openstack-manila-share-1:9.1.2-0.20200405045746.f071a43.el8ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-manila-share@9.1.2-0.20200405045746.f071a43.el8ost?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "python3-manila-1:9.1.2-0.20200405045746.f071a43.el8ost.noarch",
"product": {
"name": "python3-manila-1:9.1.2-0.20200405045746.f071a43.el8ost.noarch",
"product_id": "python3-manila-1:9.1.2-0.20200405045746.f071a43.el8ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-manila@9.1.2-0.20200405045746.f071a43.el8ost?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "openstack-manila-1:9.1.2-0.20200405045746.f071a43.el8ost.src",
"product": {
"name": "openstack-manila-1:9.1.2-0.20200405045746.f071a43.el8ost.src",
"product_id": "openstack-manila-1:9.1.2-0.20200405045746.f071a43.el8ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-manila@9.1.2-0.20200405045746.f071a43.el8ost?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-manila-1:9.1.2-0.20200405045746.f071a43.el8ost.noarch as a component of Red Hat OpenStack Platform 16.0",
"product_id": "8Base-RHOS-16.0:openstack-manila-1:9.1.2-0.20200405045746.f071a43.el8ost.noarch"
},
"product_reference": "openstack-manila-1:9.1.2-0.20200405045746.f071a43.el8ost.noarch",
"relates_to_product_reference": "8Base-RHOS-16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-manila-1:9.1.2-0.20200405045746.f071a43.el8ost.src as a component of Red Hat OpenStack Platform 16.0",
"product_id": "8Base-RHOS-16.0:openstack-manila-1:9.1.2-0.20200405045746.f071a43.el8ost.src"
},
"product_reference": "openstack-manila-1:9.1.2-0.20200405045746.f071a43.el8ost.src",
"relates_to_product_reference": "8Base-RHOS-16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-manila-share-1:9.1.2-0.20200405045746.f071a43.el8ost.noarch as a component of Red Hat OpenStack Platform 16.0",
"product_id": "8Base-RHOS-16.0:openstack-manila-share-1:9.1.2-0.20200405045746.f071a43.el8ost.noarch"
},
"product_reference": "openstack-manila-share-1:9.1.2-0.20200405045746.f071a43.el8ost.noarch",
"relates_to_product_reference": "8Base-RHOS-16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-manila-1:9.1.2-0.20200405045746.f071a43.el8ost.noarch as a component of Red Hat OpenStack Platform 16.0",
"product_id": "8Base-RHOS-16.0:python3-manila-1:9.1.2-0.20200405045746.f071a43.el8ost.noarch"
},
"product_reference": "python3-manila-1:9.1.2-0.20200405045746.f071a43.el8ost.noarch",
"relates_to_product_reference": "8Base-RHOS-16.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the OpenStack Manila project"
]
}
],
"cve": "CVE-2020-9543",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2020-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1809855"
}
],
"notes": [
{
"category": "description",
"text": "An access flaw was found in openstack-manila, where the API did not validate the user/project on commands. A malicious user having the UUID of a share-network could view, update, delete, or share resources that did not belong to them. Attackers could also create resources on shared networks (for example, shared file systems or groups of shares).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openstack-manila: User with share-network UUID is able to show, create and delete shares",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.0:openstack-manila-1:9.1.2-0.20200405045746.f071a43.el8ost.noarch",
"8Base-RHOS-16.0:openstack-manila-1:9.1.2-0.20200405045746.f071a43.el8ost.src",
"8Base-RHOS-16.0:openstack-manila-share-1:9.1.2-0.20200405045746.f071a43.el8ost.noarch",
"8Base-RHOS-16.0:python3-manila-1:9.1.2-0.20200405045746.f071a43.el8ost.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9543"
},
{
"category": "external",
"summary": "RHBZ#1809855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1809855"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9543",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9543"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9543",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9543"
},
{
"category": "external",
"summary": "https://security.openstack.org/ossa/OSSA-2020-002.html",
"url": "https://security.openstack.org/ossa/OSSA-2020-002.html"
}
],
"release_date": "2020-03-10T15:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-05-14T12:08:41+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.0:openstack-manila-1:9.1.2-0.20200405045746.f071a43.el8ost.noarch",
"8Base-RHOS-16.0:openstack-manila-1:9.1.2-0.20200405045746.f071a43.el8ost.src",
"8Base-RHOS-16.0:openstack-manila-share-1:9.1.2-0.20200405045746.f071a43.el8ost.noarch",
"8Base-RHOS-16.0:python3-manila-1:9.1.2-0.20200405045746.f071a43.el8ost.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2165"
},
{
"category": "workaround",
"details": "There is no known mitigation for this issue, the flaw can only be resolved by applying updates.",
"product_ids": [
"8Base-RHOS-16.0:openstack-manila-1:9.1.2-0.20200405045746.f071a43.el8ost.noarch",
"8Base-RHOS-16.0:openstack-manila-1:9.1.2-0.20200405045746.f071a43.el8ost.src",
"8Base-RHOS-16.0:openstack-manila-share-1:9.1.2-0.20200405045746.f071a43.el8ost.noarch",
"8Base-RHOS-16.0:python3-manila-1:9.1.2-0.20200405045746.f071a43.el8ost.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.0:openstack-manila-1:9.1.2-0.20200405045746.f071a43.el8ost.noarch",
"8Base-RHOS-16.0:openstack-manila-1:9.1.2-0.20200405045746.f071a43.el8ost.src",
"8Base-RHOS-16.0:openstack-manila-share-1:9.1.2-0.20200405045746.f071a43.el8ost.noarch",
"8Base-RHOS-16.0:python3-manila-1:9.1.2-0.20200405045746.f071a43.el8ost.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openstack-manila: User with share-network UUID is able to show, create and delete shares"
}
]
}
RHSA-2020:2729
Vulnerability from csaf_redhat - Published: 2020-06-24 12:24 - Updated: 2025-11-21 18:15Summary
Red Hat Security Advisory: openstack-manila and openstack-manila security update
Severity
Moderate
Notes
Topic: An update for openstack-manila and openstack-manila is now available for
Red Hat OpenStack Platform 13 (Queens).
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details: OpenStack Shared Filesystem Service (Manila) provides services to manage
network filesystems for use by Virtual Machine instances.
OpenStack Shared Filesystem Service (Manila) provides services to manage
network filesystems for use by Virtual Machine instances.
Security Fix(es):
* User with share-network UUID is able to show create and delete shares
(CVE-2020-9543)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
An access flaw was found in openstack-manila, where the API did not validate the user/project on commands. A malicious user having the UUID of a share-network could view, update, delete, or share resources that did not belong to them. Attackers could also create resources on shared networks (for example, shared file systems or groups of shares).
8.3 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-7.6.EUS-RH7-RHOS-13.0:openstack-manila-1:6.3.2-3.el7ost.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.6.EUS-RH7-RHOS-13.0:openstack-manila-1:6.3.2-3.el7ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.6.EUS-RH7-RHOS-13.0:openstack-manila-share-1:6.3.2-3.el7ost.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.6.EUS-RH7-RHOS-13.0:python-manila-1:6.3.2-3.el7ost.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.6.EUS-RH7-RHOS-13.0:python-manila-tests-1:6.3.2-3.el7ost.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOS-13.0:openstack-manila-1:6.3.2-3.el7ost.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOS-13.0:openstack-manila-1:6.3.2-3.el7ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOS-13.0:openstack-manila-share-1:6.3.2-3.el7ost.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOS-13.0:python-manila-1:6.3.2-3.el7ost.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOS-13.0:python-manila-tests-1:6.3.2-3.el7ost.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
10 references
Acknowledgments
the OpenStack Manila project
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openstack-manila and openstack-manila is now available for\nRed Hat OpenStack Platform 13 (Queens).\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenStack Shared Filesystem Service (Manila) provides services to manage\nnetwork filesystems for use by Virtual Machine instances.\n\nOpenStack Shared Filesystem Service (Manila) provides services to manage\nnetwork filesystems for use by Virtual Machine instances.\n\nSecurity Fix(es):\n\n* User with share-network UUID is able to show create and delete shares\n(CVE-2020-9543)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:2729",
"url": "https://access.redhat.com/errata/RHSA-2020:2729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1809855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1809855"
},
{
"category": "external",
"summary": "1832361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1832361"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2729.json"
}
],
"title": "Red Hat Security Advisory: openstack-manila and openstack-manila security update",
"tracking": {
"current_release_date": "2025-11-21T18:15:08+00:00",
"generator": {
"date": "2025-11-21T18:15:08+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2020:2729",
"initial_release_date": "2020-06-24T12:24:16+00:00",
"revision_history": [
{
"date": "2020-06-24T12:24:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-06-24T12:24:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:15:08+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 13.0",
"product": {
"name": "Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-13.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:13::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server",
"product": {
"name": "Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server",
"product_id": "7Server-7.6.EUS-RH7-RHOS-13.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:13::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "openstack-manila-1:6.3.2-3.el7ost.noarch",
"product": {
"name": "openstack-manila-1:6.3.2-3.el7ost.noarch",
"product_id": "openstack-manila-1:6.3.2-3.el7ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-manila@6.3.2-3.el7ost?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openstack-manila-share-1:6.3.2-3.el7ost.noarch",
"product": {
"name": "openstack-manila-share-1:6.3.2-3.el7ost.noarch",
"product_id": "openstack-manila-share-1:6.3.2-3.el7ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-manila-share@6.3.2-3.el7ost?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "python-manila-1:6.3.2-3.el7ost.noarch",
"product": {
"name": "python-manila-1:6.3.2-3.el7ost.noarch",
"product_id": "python-manila-1:6.3.2-3.el7ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-manila@6.3.2-3.el7ost?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "python-manila-tests-1:6.3.2-3.el7ost.noarch",
"product": {
"name": "python-manila-tests-1:6.3.2-3.el7ost.noarch",
"product_id": "python-manila-tests-1:6.3.2-3.el7ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-manila-tests@6.3.2-3.el7ost?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "openstack-manila-1:6.3.2-3.el7ost.src",
"product": {
"name": "openstack-manila-1:6.3.2-3.el7ost.src",
"product_id": "openstack-manila-1:6.3.2-3.el7ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-manila@6.3.2-3.el7ost?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-manila-1:6.3.2-3.el7ost.noarch as a component of Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server",
"product_id": "7Server-7.6.EUS-RH7-RHOS-13.0:openstack-manila-1:6.3.2-3.el7ost.noarch"
},
"product_reference": "openstack-manila-1:6.3.2-3.el7ost.noarch",
"relates_to_product_reference": "7Server-7.6.EUS-RH7-RHOS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-manila-1:6.3.2-3.el7ost.src as a component of Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server",
"product_id": "7Server-7.6.EUS-RH7-RHOS-13.0:openstack-manila-1:6.3.2-3.el7ost.src"
},
"product_reference": "openstack-manila-1:6.3.2-3.el7ost.src",
"relates_to_product_reference": "7Server-7.6.EUS-RH7-RHOS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-manila-share-1:6.3.2-3.el7ost.noarch as a component of Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server",
"product_id": "7Server-7.6.EUS-RH7-RHOS-13.0:openstack-manila-share-1:6.3.2-3.el7ost.noarch"
},
"product_reference": "openstack-manila-share-1:6.3.2-3.el7ost.noarch",
"relates_to_product_reference": "7Server-7.6.EUS-RH7-RHOS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-manila-1:6.3.2-3.el7ost.noarch as a component of Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server",
"product_id": "7Server-7.6.EUS-RH7-RHOS-13.0:python-manila-1:6.3.2-3.el7ost.noarch"
},
"product_reference": "python-manila-1:6.3.2-3.el7ost.noarch",
"relates_to_product_reference": "7Server-7.6.EUS-RH7-RHOS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-manila-tests-1:6.3.2-3.el7ost.noarch as a component of Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server",
"product_id": "7Server-7.6.EUS-RH7-RHOS-13.0:python-manila-tests-1:6.3.2-3.el7ost.noarch"
},
"product_reference": "python-manila-tests-1:6.3.2-3.el7ost.noarch",
"relates_to_product_reference": "7Server-7.6.EUS-RH7-RHOS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-manila-1:6.3.2-3.el7ost.noarch as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-13.0:openstack-manila-1:6.3.2-3.el7ost.noarch"
},
"product_reference": "openstack-manila-1:6.3.2-3.el7ost.noarch",
"relates_to_product_reference": "7Server-RH7-RHOS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-manila-1:6.3.2-3.el7ost.src as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-13.0:openstack-manila-1:6.3.2-3.el7ost.src"
},
"product_reference": "openstack-manila-1:6.3.2-3.el7ost.src",
"relates_to_product_reference": "7Server-RH7-RHOS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-manila-share-1:6.3.2-3.el7ost.noarch as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-13.0:openstack-manila-share-1:6.3.2-3.el7ost.noarch"
},
"product_reference": "openstack-manila-share-1:6.3.2-3.el7ost.noarch",
"relates_to_product_reference": "7Server-RH7-RHOS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-manila-1:6.3.2-3.el7ost.noarch as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-13.0:python-manila-1:6.3.2-3.el7ost.noarch"
},
"product_reference": "python-manila-1:6.3.2-3.el7ost.noarch",
"relates_to_product_reference": "7Server-RH7-RHOS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-manila-tests-1:6.3.2-3.el7ost.noarch as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-13.0:python-manila-tests-1:6.3.2-3.el7ost.noarch"
},
"product_reference": "python-manila-tests-1:6.3.2-3.el7ost.noarch",
"relates_to_product_reference": "7Server-RH7-RHOS-13.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the OpenStack Manila project"
]
}
],
"cve": "CVE-2020-9543",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2020-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1809855"
}
],
"notes": [
{
"category": "description",
"text": "An access flaw was found in openstack-manila, where the API did not validate the user/project on commands. A malicious user having the UUID of a share-network could view, update, delete, or share resources that did not belong to them. Attackers could also create resources on shared networks (for example, shared file systems or groups of shares).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openstack-manila: User with share-network UUID is able to show, create and delete shares",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.6.EUS-RH7-RHOS-13.0:openstack-manila-1:6.3.2-3.el7ost.noarch",
"7Server-7.6.EUS-RH7-RHOS-13.0:openstack-manila-1:6.3.2-3.el7ost.src",
"7Server-7.6.EUS-RH7-RHOS-13.0:openstack-manila-share-1:6.3.2-3.el7ost.noarch",
"7Server-7.6.EUS-RH7-RHOS-13.0:python-manila-1:6.3.2-3.el7ost.noarch",
"7Server-7.6.EUS-RH7-RHOS-13.0:python-manila-tests-1:6.3.2-3.el7ost.noarch",
"7Server-RH7-RHOS-13.0:openstack-manila-1:6.3.2-3.el7ost.noarch",
"7Server-RH7-RHOS-13.0:openstack-manila-1:6.3.2-3.el7ost.src",
"7Server-RH7-RHOS-13.0:openstack-manila-share-1:6.3.2-3.el7ost.noarch",
"7Server-RH7-RHOS-13.0:python-manila-1:6.3.2-3.el7ost.noarch",
"7Server-RH7-RHOS-13.0:python-manila-tests-1:6.3.2-3.el7ost.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9543"
},
{
"category": "external",
"summary": "RHBZ#1809855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1809855"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9543",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9543"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9543",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9543"
},
{
"category": "external",
"summary": "https://security.openstack.org/ossa/OSSA-2020-002.html",
"url": "https://security.openstack.org/ossa/OSSA-2020-002.html"
}
],
"release_date": "2020-03-10T15:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-06-24T12:24:16+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.6.EUS-RH7-RHOS-13.0:openstack-manila-1:6.3.2-3.el7ost.noarch",
"7Server-7.6.EUS-RH7-RHOS-13.0:openstack-manila-1:6.3.2-3.el7ost.src",
"7Server-7.6.EUS-RH7-RHOS-13.0:openstack-manila-share-1:6.3.2-3.el7ost.noarch",
"7Server-7.6.EUS-RH7-RHOS-13.0:python-manila-1:6.3.2-3.el7ost.noarch",
"7Server-7.6.EUS-RH7-RHOS-13.0:python-manila-tests-1:6.3.2-3.el7ost.noarch",
"7Server-RH7-RHOS-13.0:openstack-manila-1:6.3.2-3.el7ost.noarch",
"7Server-RH7-RHOS-13.0:openstack-manila-1:6.3.2-3.el7ost.src",
"7Server-RH7-RHOS-13.0:openstack-manila-share-1:6.3.2-3.el7ost.noarch",
"7Server-RH7-RHOS-13.0:python-manila-1:6.3.2-3.el7ost.noarch",
"7Server-RH7-RHOS-13.0:python-manila-tests-1:6.3.2-3.el7ost.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2729"
},
{
"category": "workaround",
"details": "There is no known mitigation for this issue, the flaw can only be resolved by applying updates.",
"product_ids": [
"7Server-7.6.EUS-RH7-RHOS-13.0:openstack-manila-1:6.3.2-3.el7ost.noarch",
"7Server-7.6.EUS-RH7-RHOS-13.0:openstack-manila-1:6.3.2-3.el7ost.src",
"7Server-7.6.EUS-RH7-RHOS-13.0:openstack-manila-share-1:6.3.2-3.el7ost.noarch",
"7Server-7.6.EUS-RH7-RHOS-13.0:python-manila-1:6.3.2-3.el7ost.noarch",
"7Server-7.6.EUS-RH7-RHOS-13.0:python-manila-tests-1:6.3.2-3.el7ost.noarch",
"7Server-RH7-RHOS-13.0:openstack-manila-1:6.3.2-3.el7ost.noarch",
"7Server-RH7-RHOS-13.0:openstack-manila-1:6.3.2-3.el7ost.src",
"7Server-RH7-RHOS-13.0:openstack-manila-share-1:6.3.2-3.el7ost.noarch",
"7Server-RH7-RHOS-13.0:python-manila-1:6.3.2-3.el7ost.noarch",
"7Server-RH7-RHOS-13.0:python-manila-tests-1:6.3.2-3.el7ost.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"7Server-7.6.EUS-RH7-RHOS-13.0:openstack-manila-1:6.3.2-3.el7ost.noarch",
"7Server-7.6.EUS-RH7-RHOS-13.0:openstack-manila-1:6.3.2-3.el7ost.src",
"7Server-7.6.EUS-RH7-RHOS-13.0:openstack-manila-share-1:6.3.2-3.el7ost.noarch",
"7Server-7.6.EUS-RH7-RHOS-13.0:python-manila-1:6.3.2-3.el7ost.noarch",
"7Server-7.6.EUS-RH7-RHOS-13.0:python-manila-tests-1:6.3.2-3.el7ost.noarch",
"7Server-RH7-RHOS-13.0:openstack-manila-1:6.3.2-3.el7ost.noarch",
"7Server-RH7-RHOS-13.0:openstack-manila-1:6.3.2-3.el7ost.src",
"7Server-RH7-RHOS-13.0:openstack-manila-share-1:6.3.2-3.el7ost.noarch",
"7Server-RH7-RHOS-13.0:python-manila-1:6.3.2-3.el7ost.noarch",
"7Server-RH7-RHOS-13.0:python-manila-tests-1:6.3.2-3.el7ost.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openstack-manila: User with share-network UUID is able to show, create and delete shares"
}
]
}
RHSA-2020_1326
Vulnerability from csaf_redhat - Published: 2020-04-06 09:03 - Updated: 2024-11-15 09:32Summary
Red Hat Security Advisory: openstack-manila security update
Severity
Moderate
Notes
Topic: An update for openstack-manila is now available for Red Hat OpenStack
Platform 15 (Stein).
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details: OpenStack Shared Filesystem Service (Manila) provides services to manage network filesystems for use by Virtual Machine instances.
Security Fix(es):
* User with share-network UUID is able to show create and delete shares
(CVE-2020-9543)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
An access flaw was found in openstack-manila, where the API did not validate the user/project on commands. A malicious user having the UUID of a share-network could view, update, delete, or share resources that did not belong to them. Attackers could also create resources on shared networks (for example, shared file systems or groups of shares).
8.3 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-15.0:openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-15.0:openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-15.0:openstack-manila-share-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-15.0:python3-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
9 references
Acknowledgments
the OpenStack Manila project
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openstack-manila is now available for Red Hat OpenStack\nPlatform 15 (Stein).\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenStack Shared Filesystem Service (Manila) provides services to manage network filesystems for use by Virtual Machine instances.\n\nSecurity Fix(es):\n\n* User with share-network UUID is able to show create and delete shares\n(CVE-2020-9543)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:1326",
"url": "https://access.redhat.com/errata/RHSA-2020:1326"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1809855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1809855"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1326.json"
}
],
"title": "Red Hat Security Advisory: openstack-manila security update",
"tracking": {
"current_release_date": "2024-11-15T09:32:35+00:00",
"generator": {
"date": "2024-11-15T09:32:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:1326",
"initial_release_date": "2020-04-06T09:03:11+00:00",
"revision_history": [
{
"date": "2020-04-06T09:03:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-04-06T09:03:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T09:32:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 15.0",
"product": {
"name": "Red Hat OpenStack Platform 15.0",
"product_id": "8Base-RHOS-15.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:15::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"product": {
"name": "openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"product_id": "openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-manila@8.1.1-0.20200311070441.17b29e2.el8ost?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openstack-manila-share-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"product": {
"name": "openstack-manila-share-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"product_id": "openstack-manila-share-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-manila-share@8.1.1-0.20200311070441.17b29e2.el8ost?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "python3-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"product": {
"name": "python3-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"product_id": "python3-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-manila@8.1.1-0.20200311070441.17b29e2.el8ost?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.src",
"product": {
"name": "openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.src",
"product_id": "openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-manila@8.1.1-0.20200311070441.17b29e2.el8ost?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch as a component of Red Hat OpenStack Platform 15.0",
"product_id": "8Base-RHOS-15.0:openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch"
},
"product_reference": "openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"relates_to_product_reference": "8Base-RHOS-15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.src as a component of Red Hat OpenStack Platform 15.0",
"product_id": "8Base-RHOS-15.0:openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.src"
},
"product_reference": "openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.src",
"relates_to_product_reference": "8Base-RHOS-15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-manila-share-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch as a component of Red Hat OpenStack Platform 15.0",
"product_id": "8Base-RHOS-15.0:openstack-manila-share-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch"
},
"product_reference": "openstack-manila-share-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"relates_to_product_reference": "8Base-RHOS-15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch as a component of Red Hat OpenStack Platform 15.0",
"product_id": "8Base-RHOS-15.0:python3-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch"
},
"product_reference": "python3-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"relates_to_product_reference": "8Base-RHOS-15.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the OpenStack Manila project"
]
}
],
"cve": "CVE-2020-9543",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2020-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1809855"
}
],
"notes": [
{
"category": "description",
"text": "An access flaw was found in openstack-manila, where the API did not validate the user/project on commands. A malicious user having the UUID of a share-network could view, update, delete, or share resources that did not belong to them. Attackers could also create resources on shared networks (for example, shared file systems or groups of shares).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openstack-manila: User with share-network UUID is able to show, create and delete shares",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-15.0:openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"8Base-RHOS-15.0:openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.src",
"8Base-RHOS-15.0:openstack-manila-share-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"8Base-RHOS-15.0:python3-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9543"
},
{
"category": "external",
"summary": "RHBZ#1809855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1809855"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9543",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9543"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9543",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9543"
},
{
"category": "external",
"summary": "https://security.openstack.org/ossa/OSSA-2020-002.html",
"url": "https://security.openstack.org/ossa/OSSA-2020-002.html"
}
],
"release_date": "2020-03-10T15:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-06T09:03:11+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-15.0:openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"8Base-RHOS-15.0:openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.src",
"8Base-RHOS-15.0:openstack-manila-share-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"8Base-RHOS-15.0:python3-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1326"
},
{
"category": "workaround",
"details": "There is no known mitigation for this issue, the flaw can only be resolved by applying updates.",
"product_ids": [
"8Base-RHOS-15.0:openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"8Base-RHOS-15.0:openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.src",
"8Base-RHOS-15.0:openstack-manila-share-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"8Base-RHOS-15.0:python3-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOS-15.0:openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"8Base-RHOS-15.0:openstack-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.src",
"8Base-RHOS-15.0:openstack-manila-share-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch",
"8Base-RHOS-15.0:python3-manila-1:8.1.1-0.20200311070441.17b29e2.el8ost.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openstack-manila: User with share-network UUID is able to show, create and delete shares"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…