Vulnerability Description
OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| OpenStack | Manila | < 7.4.1 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2020/03/12/1 (Mailing List, Patch, Third Party Advisory)
- https://bugs.launchpad.net/manila/+bug/1861485 (Exploit, Issue Tracking, Third Party Advisory)
- https://security.openstack.org/ossa/OSSA-2020-002.html (Patch, Vendor Advisory)
FAQ
What is CVE-2020-9543?
CVE-2020-9543 is a vulnerability with a CVSS score of 8.3 (HIGH). OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attacke...
How severe is CVE-2020-9543?
CVE-2020-9543 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-9543?
Check the references section above for vendor advisories and patch information. Affected products include: OpenStack Manila.