Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Red Hat OpenStack 16.1 RHSA-2023-3156-01 Critical: Access Control Flaw

red hat
Calendar Grey May 17, 2023
Dist Redhat Esm H88
Urgent patch released for Red Hat OpenStack Platform 16.1 targeting access management vulnerabilities within openstack-nova.
An update for openstack-nova is now available for Red Hat OpenStack Platform 16.1 (Train)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

Security Fix(es):
* EMBARGOED CVE-2023-2088 openstack-cinder: silently access other user's volumes (CVE-2023-2088)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

Topics%20covered

Topics Covered

security advisory security update access control critical impact Red Hat OpenStack openstack-nova platform update

References

https://access.redhat.com/security/cve/CVE-2023-2088 https://access.redhat.com/security/updates/classification#critical

Package List

Red Hat OpenStack Platform 16.1:
Source: openstack-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.src.rpm openstack-nova-20.4.1-1.20221005193232.el8ost.src.rpm python-glance-store-1.0.2-1.20220219073735.el8ost.src.rpm python-os-brick-2.10.5-1.20220112193420.634fb4a.el8ost.src.rpm
noarch: openstack-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.noarch.rpm openstack-nova-20.4.1-1.20221005193232.el8ost.noarch.rpm openstack-nova-api-20.4.1-1.20221005193232.el8ost.noarch.rpm openstack-nova-common-20.4.1-1.20221005193232.el8ost.noarch.rpm openstack-nova-compute-20.4.1-1.20221005193232.el8ost.noarch.rpm openstack-nova-conductor-20.4.1-1.20221005193232.el8ost.noarch.rpm openstack-nova-console-20.4.1-1.20221005193232.el8ost.noarch.rpm openstack-nova-migration-20.4.1-1.20221005193232.el8ost.noarch.rpm openstack-nova-novncproxy-20.4.1-1.20221005193232.el8ost.noarch.rpm openstack-nova-scheduler-20.4.1-1.20221005193232.el8ost.noarch.rpm openstack-nova-serialproxy-20.4.1-1.20221005193232.el8ost.noarch.rpm openstack-nova-spicehtml5proxy-20.4.1-1.20221005193232.el8ost.noarch.rpm python3-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.noarch.rpm python3-glance-store-1.0.2-1.20220219073735.el8ost.noarch.rpm python3-nova-20.4.1-1.20221005193232.el8ost.noarch.rpm

Read the Full Advisory


Severity
critical
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2023:3156-01
Product: Red Hat OpenStack Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2023:3156
Issue date: 2023-05-17

Topic

An update for openstack-nova is now available for Red Hat OpenStackPlatform 16.1 (Train).Red Hat Product Security has rated this update as having a security impactof Critical. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory security update access control critical impact Red Hat OpenStack openstack-nova platform update

Relevant Releases Architectures

Red Hat OpenStack Platform 16.1 - noarch

Bugs Fixed

2179587 - CVE-2023-2088 openstack-cinder: silently access other user's volumes

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here