GHSA-5pj3-6fqm-8m7m
Suggest an improvement- Source
- https://github.com/advisories/GHSA-5pj3-6fqm-8m7m
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-5pj3-6fqm-8m7m/GHSA-5pj3-6fqm-8m7m.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-5pj3-6fqm-8m7m
- Aliases
- Published
- 2022-10-30T12:00:28Z
- Modified
- 2024-04-22T22:56:43.600968Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- OpenStack Sushy-Tools and VirtualBMC Improper Preservation of Permissions
- Details
-
An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."
- Database specific
{ "nvd_published_at": "2022-10-30T00:15:00Z", "cwe_ids": [ "CWE-281" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-04-22T22:35:35Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-44020
- https://github.com/umago/virtualbmc
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GAD7QJIUWPCKJIGYP7PPHH5DILOEONFE
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEQVJF3OQGSDCSQTQQSC54JEGLMSNB4Q
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMSUGS4B6EBRHBJMTRXL5RIKJTZTEMJC
- https://review.opendev.org/c/openstack/sushy-tools/+/862625
- https://review.opendev.org/c/openstack/virtualbmc/+/862620
- https://storyboard.openstack.org/#!/story/2010382
Affected packages
PyPI / sushy-tools
Package
- Name
- sushy-tools
- View open source insights on deps.dev
- Purl
- pkg:pypi/sushy-tools
PyPI / virtualbmc
Package
- Name
- virtualbmc
- View open source insights on deps.dev
- Purl
- pkg:pypi/virtualbmc