Published: 12/03/2020 Updated: 14/07/2020

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 8.3 | Impact Score: 5.5 | Exploitability Score: 2.8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows malicious users to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openstack manila

Debian Bug report logs - #953581 manila: CVE-2020-9543: Unprivileged users can retrieve, use and manipulate share networks Package: src:manila; Maintainer for src:manila is Debian OpenStack <team+openstack@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 10 Mar 2020 21:09:02 UTC S ...

Synopsis Moderate: openstack-manila security update Type/Severity Security Advisory: Moderate Topic An update for openstack-manila is now available for Red Hat OpenStackPlatform 16 (Train)Red Hat Product Security has rated this update as having a security impactof Moderate A Common Vulnerability Scoring S ...

Synopsis Moderate: openstack-manila security update Type/Severity Security Advisory: Moderate Topic An update for openstack-manila is now available for Red Hat OpenStackPlatform 15 (Stein)Red Hat Product Security has rated this update as having a security impactof Moderate A Common Vulnerability Scoring S ...

Synopsis Moderate: openstack-manila and openstack-manila security update Type/Severity Security Advisory: Moderate Topic An update for openstack-manila and openstack-manila is now available forRed Hat OpenStack Platform 13 (Queens)Red Hat Product Security has rated this update as having a security impactof ...

CWE-276 https://bugs.launchpad.net/manila/+bug/1861485 http://www.openwall.com/lists/oss-security/2020/03/12/1 https://security.openstack.org/ossa/OSSA-2020-002.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953581 https://nvd.nist.gov

CVE-2020-9543

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect