
RHSA-2023:3161: Red Hat Security Advisory: Red Hat OpenStack Platform 13.0 security update

An update for openstack-nova is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-2088: A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.
Red Hat Security Data
Issued: 2023-05-17

Updated: 2023-05-17

RHSA-2023:3161 - Security Advisory

Synopsis

Critical: Red Hat OpenStack Platform 13.0 security update

Type/Severity

Security Advisory: Critical

Topic

An update for openstack-nova is now available for Red Hat OpenStack
Platform 13 (Queens).

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

Security Fix(es):

  • EMBARGOED CVE-2023-2088 openstack-cinder: silently access other user’s volumes (CVE-2023-2088)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

Affected Products

  • Red Hat OpenStack 13 - Extended Life Cycle Support 13 x86_64
  • Red Hat OpenStack 13 for IBM Power - Extended Life Cycle Support 13 ppc64le

Fixes

  • BZ - 2179587 - CVE-2023-2088 openstack-cinder: silently access other user’s volumes

Red Hat OpenStack 13 - Extended Life Cycle Support 13

SRPM

  • openstack-nova-17.0.13-41.el7ost.src.rpm
  • python-glance-store-0.23.1-0.20190916165255.cc7ecc1.el7ost.src.rpm
  • python-os-brick-2.3.9-12.el7ost.src.rpm

x86_64

  • openstack-nova-17.0.13-41.el7ost.noarch.rpm
  • openstack-nova-api-17.0.13-41.el7ost.noarch.rpm
  • openstack-nova-cells-17.0.13-41.el7ost.noarch.rpm
  • openstack-nova-common-17.0.13-41.el7ost.noarch.rpm
  • openstack-nova-compute-17.0.13-41.el7ost.noarch.rpm
  • openstack-nova-conductor-17.0.13-41.el7ost.noarch.rpm
  • openstack-nova-console-17.0.13-41.el7ost.noarch.rpm
  • openstack-nova-migration-17.0.13-41.el7ost.noarch.rpm
  • openstack-nova-network-17.0.13-41.el7ost.noarch.rpm
  • openstack-nova-novncproxy-17.0.13-41.el7ost.noarch.rpm
  • openstack-nova-placement-api-17.0.13-41.el7ost.noarch.rpm
  • openstack-nova-scheduler-17.0.13-41.el7ost.noarch.rpm
  • openstack-nova-serialproxy-17.0.13-41.el7ost.noarch.rpm
  • openstack-nova-spicehtml5proxy-17.0.13-41.el7ost.noarch.rpm
  • python-nova-17.0.13-41.el7ost.noarch.rpm
  • python-nova-tests-17.0.13-41.el7ost.noarch.rpm
  • python2-glance-store-0.23.1-0.20190916165255.cc7ecc1.el7ost.noarch.rpm
  • python2-os-brick-2.3.9-12.el7ost.noarch.rpm

Red Hat OpenStack 13 for IBM Power - Extended Life Cycle Support 13

SRPM

  • openstack-nova-17.0.13-41.el7ost.src.rpm
  • python-glance-store-0.23.1-0.20190916165255.cc7ecc1.el7ost.src.rpm
  • python-os-brick-2.3.9-12.el7ost.src.rpm

ppc64le

  • openstack-nova-17.0.13-41.el7ost.noarch.rpm
  • openstack-nova-api-17.0.13-41.el7ost.noarch.rpm
  • openstack-nova-cells-17.0.13-41.el7ost.noarch.rpm
  • openstack-nova-common-17.0.13-41.el7ost.noarch.rpm
  • openstack-nova-compute-17.0.13-41.el7ost.noarch.rpm
  • openstack-nova-conductor-17.0.13-41.el7ost.noarch.rpm
  • openstack-nova-console-17.0.13-41.el7ost.noarch.rpm
  • openstack-nova-migration-17.0.13-41.el7ost.noarch.rpm
  • openstack-nova-network-17.0.13-41.el7ost.noarch.rpm
  • openstack-nova-novncproxy-17.0.13-41.el7ost.noarch.rpm
  • openstack-nova-placement-api-17.0.13-41.el7ost.noarch.rpm
  • openstack-nova-scheduler-17.0.13-41.el7ost.noarch.rpm
  • openstack-nova-serialproxy-17.0.13-41.el7ost.noarch.rpm
  • openstack-nova-spicehtml5proxy-17.0.13-41.el7ost.noarch.rpm
  • python-nova-17.0.13-41.el7ost.noarch.rpm
  • python-nova-tests-17.0.13-41.el7ost.noarch.rpm
  • python2-glance-store-0.23.1-0.20190916165255.cc7ecc1.el7ost.noarch.rpm
  • python2-os-brick-2.3.9-12.el7ost.noarch.rpm
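To confirm that a node carries the builds listed above, the following added example (not part of the Red Hat advisory) compares `rpm -qa` output against the fixed version-release pairs. The function names and the sample input are constructed for illustration, and the comparison is a simplified rpmvercmp that assumes installed and fixed packages share the same epoch.

```python
import re

# Fixed builds taken from the package list in this advisory.
NOVA_FIXED = ("17.0.13", "41.el7ost")
OTHER_FIXED = {
    "python2-os-brick": ("2.3.9", "12.el7ost"),
    "python2-glance-store": ("0.23.1", "0.20190916165255.cc7ecc1.el7ost"),
}

def fixed_build(name):
    if name.startswith("openstack-nova") or name in ("python-nova", "python-nova-tests"):
        return NOVA_FIXED
    return OTHER_FIXED.get(name)

def vercmp(a, b):
    """Simplified rpmvercmp (-1, 0, 1); epoch, '~' and '^' are not handled."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment outranks an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_nvra(line):
    """Split 'name-version-release.arch' as printed by `rpm -qa`; None if malformed."""
    parts = line.strip().rpartition(".")[0].rsplit("-", 2)
    return tuple(parts) if len(parts) == 3 else None

def unpatched(rpm_qa_lines):
    """Names of installed packages older than the advisory's fixed build."""
    stale = []
    for line in rpm_qa_lines:
        nvr = parse_nvra(line)
        fixed = fixed_build(nvr[0]) if nvr else None
        if fixed and (vercmp(nvr[1], fixed[0]) or vercmp(nvr[2], fixed[1])) < 0:
            stale.append(nvr[0])
    return stale

# Constructed `rpm -qa` output for illustration, not taken from a real host.
SAMPLE_RPM_QA = [
    "openstack-nova-compute-17.0.13-38.el7ost.noarch",
    "python-nova-17.0.13-41.el7ost.noarch",
    "python2-os-brick-2.3.8-2.el7ost.noarch",
    "python2-glance-store-0.23.1-0.20190916165255.cc7ecc1.el7ost.noarch",
    "kernel-3.10.0-1160.el7.x86_64",
]

if __name__ == "__main__":
    print(unpatched(SAMPLE_RPM_QA))
```

Because the update ships nova, os-brick and glance-store builds together, a host is only at the advisory level when the returned list is empty for all three.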

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Ubuntu Security Notice USN-6241-1

Ubuntu Security Notice 6241-1 - Jan Wasilewski and Gorka Eguileor discovered that OpenStack incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

Red Hat Security Advisory 2023-3161-01

Red Hat Security Advisory 2023-3161-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Critical.

Red Hat Security Advisory 2023-3158-01

Red Hat Security Advisory 2023-3158-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Critical.

Red Hat Security Advisory 2023-3157-01

Red Hat Security Advisory 2023-3157-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform 17.0 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Critical.

Red Hat Security Advisory 2023-3156-01

Red Hat Security Advisory 2023-3156-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Critical.

RHSA-2023:3158: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 security update

An update for openstack-nova is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2088: A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.

RHSA-2023:3157: Red Hat Security Advisory: Red Hat OpenStack Platform 17.0 security update

An update for openstack-nova is now available for Red Hat OpenStack Platform 17.0 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2088: A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.

RHSA-2023:3156: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 security update

An update for openstack-nova is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2088: A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.

CVE-2023-2088: Bug #2004555 “[OSSA-2023-003] Unauthorized volume access through...” : Bugs : OpenStack Compute (nova)

A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.

Ubuntu Security Notice USN-6073-3

Ubuntu Security Notice 6073-3 - Jan Wasilewski and Gorka Eguileor discovered that Nova incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

Ubuntu Security Notice USN-6073-1

Ubuntu Security Notice 6073-1 - Jan Wasilewski and Gorka Eguileor discovered that Cinder incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

Ubuntu Security Notice USN-6073-4

Ubuntu Security Notice 6073-4 - Jan Wasilewski and Gorka Eguileor discovered that os-brick incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

Ubuntu Security Notice USN-6073-2

Ubuntu Security Notice 6073-2 - Jan Wasilewski and Gorka Eguileor discovered that Glance_store incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.