[Bug 2021980] Re: Unauthorized volume access through deleted volume attachments (CVE-2023-2088)
Launchpad Bug Tracker
2021980 at bugs.launchpad.net
Wed May 31 23:53:24 UTC 2023
This bug was fixed in the package nova - 3:27.0.0-0ubuntu4
---------------
nova (3:27.0.0-0ubuntu4) mantic; urgency=medium
* SECURITY UPDATE: Unauthorized File Access (LP: #2021980)
- debian/patches/CVE-2023-2088-1.patch: Use force=True for os-brick
disconnect during delete.
- debian/patches/CVE-2023-2088-2.patch: Enable use of service user
token with admin context.
- CVE-2023-2088
-- Corey Bryant <corey.bryant at canonical.com> Wed, 31 May 2023 12:11:02
-0400
** Changed in: nova (Ubuntu Mantic)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to cinder in Ubuntu.
https://bugs.launchpad.net/bugs/2021980
Title:
Unauthorized volume access through deleted volume attachments
(CVE-2023-2088)
Status in Ubuntu Cloud Archive:
Triaged
Status in Ubuntu Cloud Archive antelope series:
Triaged
Status in Ubuntu Cloud Archive bobcat series:
Triaged
Status in Ubuntu Cloud Archive ussuri series:
New
Status in Ubuntu Cloud Archive victoria series:
New
Status in Ubuntu Cloud Archive wallaby series:
New
Status in Ubuntu Cloud Archive xena series:
New
Status in Ubuntu Cloud Archive yoga series:
Triaged
Status in Ubuntu Cloud Archive zed series:
Triaged
Status in cinder package in Ubuntu:
Fix Released
Status in ironic package in Ubuntu:
Fix Released
Status in nova package in Ubuntu:
Fix Released
Status in python-glance-store package in Ubuntu:
Triaged
Status in python-os-brick package in Ubuntu:
Triaged
Status in cinder source package in Bionic:
New
Status in ironic source package in Bionic:
New
Status in nova source package in Bionic:
New
Status in python-glance-store source package in Bionic:
New
Status in python-os-brick source package in Bionic:
New
Status in cinder source package in Focal:
New
Status in ironic source package in Focal:
New
Status in nova source package in Focal:
New
Status in python-glance-store source package in Focal:
New
Status in python-os-brick source package in Focal:
New
Status in cinder source package in Jammy:
Triaged
Status in ironic source package in Jammy:
Triaged
Status in nova source package in Jammy:
Triaged
Status in python-glance-store source package in Jammy:
Triaged
Status in python-os-brick source package in Jammy:
Triaged
Status in cinder source package in Kinetic:
Triaged
Status in ironic source package in Kinetic:
Triaged
Status in nova source package in Kinetic:
Triaged
Status in python-glance-store source package in Kinetic:
Triaged
Status in python-os-brick source package in Kinetic:
Triaged
Status in cinder source package in Lunar:
Triaged
Status in ironic source package in Lunar:
Triaged
Status in nova source package in Lunar:
Triaged
Status in python-glance-store source package in Lunar:
Triaged
Status in python-os-brick source package in Lunar:
Triaged
Status in cinder source package in Mantic:
Fix Released
Status in ironic source package in Mantic:
Fix Released
Status in nova source package in Mantic:
Fix Released
Status in python-glance-store source package in Mantic:
Triaged
Status in python-os-brick source package in Mantic:
Triaged
Bug description:
OpenStack security advisory:
https://security.openstack.org/ossa/OSSA-2023-003.html
Note: This is the second attempt at patching this CVE. The first time
with the embargo patches resulted in an ironic regression. There have
also been additional changes since the embargo patches. We also want
to coordinate documentation better this time as service tokens are now
required.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2021980/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list