CVE-2020-9543: OpenStack Manila Unprivileged users can retrieve, use and manipulate share networks
OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks.
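The "context-free lookup of a UUID" described above, shown as an added example that is a constructed model of the bug class and not Manila's code. The class names, function names, project IDs and UUIDs are all hypothetical. The first lookup ignores the caller's request context, and the second scopes the row to the caller's project.

```python
# Constructed model of the bug class; not Manila's code. All names are hypothetical.
from dataclasses import dataclass


@dataclass(frozen=True)
class RequestContext:
    project_id: str
    is_admin: bool = False


@dataclass
class ShareNetwork:
    id: str
    project_id: str
    name: str


class NotFound(Exception):
    """Raised for missing rows and for rows outside the caller's project."""


# Constructed sample data: one share network per tenant.
NET_A = "11111111-aaaa-4aaa-8aaa-000000000001"
NET_B = "22222222-bbbb-4bbb-8bbb-000000000002"
DB = {
    NET_A: ShareNetwork(NET_A, "project-a", "net-a"),
    NET_B: ShareNetwork(NET_B, "project-b", "net-b"),
}


def get_context_free(context, share_network_id):
    """Weak form: the context is accepted but never consulted."""
    row = DB.get(share_network_id)
    if row is None:
        raise NotFound(share_network_id)
    return row


def get_project_scoped(context, share_network_id):
    """Hardened form: the row must belong to the caller's project."""
    row = DB.get(share_network_id)
    owned = row is not None and (
        context.is_admin or row.project_id == context.project_id)
    if not owned:
        # Same error for "absent" and "not yours", so UUIDs cannot be probed.
        raise NotFound(share_network_id)
    return row
```

Because view, update, delete and create-on-top operations all resolve the UUID through the same kind of lookup, scoping that one lookup covers every operation the advisory lists.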
References
- bugs.launchpad.net/manila/+bug/1861485
- github.com/advisories/GHSA-jx7v-gmqc-6xrj
- github.com/openstack/manila
- github.com/openstack/manila/commit/947315f0903c823b0fdd9d99c60078814587272c
- github.com/pypa/advisory-database/tree/main/vulns/manila/PYSEC-2020-63.yaml
- nvd.nist.gov/vuln/detail/CVE-2020-9543
- opendev.org/openstack/manila/commit/947315f0903c823b0fdd9d99c60078814587272c
- security.openstack.org/ossa/OSSA-2020-002.html