USN-6241-1
- Source
- https://ubuntu.com/security/notices/USN-6241-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6241-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-6241-1
- Upstream
- Related
- Published
- 2023-07-24T14:12:32.397208Z
- Modified
- 2025-10-13T04:36:29Z
- Summary
- cinder, ironic, nova, python-glance-store, python-os-brick vulnerability
- Details
-
Jan Wasilewski and Gorka Eguileor discovered that OpenStack incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.
This update may require configuration changes, please see the upstream advisory and the other links below for more information:
https://security.openstack.org/ossa/OSSA-2023-003.html https://discourse.ubuntu.com/t/cve-2023-2088-for-charmed-openstack/37051 https://lists.openstack.org/pipermail/openstack-discuss/2023-July/034439.html
- References
Affected packages
Ubuntu:22.04:LTS / cinder
Package
- Name
- cinder
- Purl
- pkg:deb/ubuntu/cinder@2:20.2.0-0ubuntu1.1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2:20.2.0-0ubuntu1.1
Affected versions
2:19.*
2:19.0.0-0ubuntu2
2:19.0.0+git2022030310.b49fb59a6-0ubuntu1
2:19.0.0+git2022030310.b49fb59a6-0ubuntu2
2:20.*
2:20.0.0-0ubuntu1
2:20.0.1-0ubuntu1
2:20.1.0-0ubuntu1
2:20.1.0-0ubuntu2.1
2:20.1.0-0ubuntu2.2
2:20.2.0-0ubuntu1
Ecosystem specific
{
"binaries": [
{
"binary_name": "cinder-api",
"binary_version": "2:20.2.0-0ubuntu1.1"
},
{
"binary_name": "cinder-backup",
"binary_version": "2:20.2.0-0ubuntu1.1"
},
{
"binary_name": "cinder-common",
"binary_version": "2:20.2.0-0ubuntu1.1"
},
{
"binary_name": "cinder-scheduler",
"binary_version": "2:20.2.0-0ubuntu1.1"
},
{
"binary_name": "cinder-volume",
"binary_version": "2:20.2.0-0ubuntu1.1"
},
{
"binary_name": "python3-cinder",
"binary_version": "2:20.2.0-0ubuntu1.1"
}
],
"availability": "No subscription required"
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:22.04:LTS",
"cves": [
{
"id": "CVE-2023-2088",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}
Ubuntu:22.04:LTS / ironic
Package
- Name
- ironic
- Purl
- pkg:deb/ubuntu/ironic@1:20.1.0-0ubuntu1.1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:20.1.0-0ubuntu1.1
Affected versions
1:18.*
1:18.2.0-0ubuntu1
1:18.2.0+git2021120910.cdc3b9538-0ubuntu1
1:19.*
1:19.0.0+git2022011216.7beadee46-0ubuntu1
1:20.*
1:20.0.0+git2022030313.4e6a3d52e-0ubuntu1
1:20.1.0-0ubuntu1
Ecosystem specific
{
"binaries": [
{
"binary_name": "ironic-api",
"binary_version": "1:20.1.0-0ubuntu1.1"
},
{
"binary_name": "ironic-common",
"binary_version": "1:20.1.0-0ubuntu1.1"
},
{
"binary_name": "ironic-conductor",
"binary_version": "1:20.1.0-0ubuntu1.1"
},
{
"binary_name": "python3-ironic",
"binary_version": "1:20.1.0-0ubuntu1.1"
}
],
"availability": "No subscription required"
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:22.04:LTS",
"cves": [
{
"id": "CVE-2023-2088",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}
Ubuntu:22.04:LTS / nova
Package
- Name
- nova
- Purl
- pkg:deb/ubuntu/nova@3:25.1.1-0ubuntu1.1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3:25.1.1-0ubuntu1.1
Affected versions
3:24.*
3:24.0.0-0ubuntu1
3:24.0.0+git2022030310.3f274c65cc-0ubuntu2
3:25.*
3:25.0.0-0ubuntu1
3:25.0.0-0ubuntu1.1
3:25.0.1-0ubuntu1
3:25.1.0-0ubuntu1
3:25.1.0-0ubuntu2
3:25.1.0-0ubuntu2.1
3:25.1.0-0ubuntu2.2
3:25.1.1-0ubuntu1
Ecosystem specific
{
"binaries": [
{
"binary_name": "nova-ajax-console-proxy",
"binary_version": "3:25.1.1-0ubuntu1.1"
},
{
"binary_name": "nova-api",
"binary_version": "3:25.1.1-0ubuntu1.1"
},
{
"binary_name": "nova-api-metadata",
"binary_version": "3:25.1.1-0ubuntu1.1"
},
{
"binary_name": "nova-api-os-compute",
"binary_version": "3:25.1.1-0ubuntu1.1"
},
{
"binary_name": "nova-api-os-volume",
"binary_version": "3:25.1.1-0ubuntu1.1"
},
{
"binary_name": "nova-cells",
"binary_version": "3:25.1.1-0ubuntu1.1"
},
{
"binary_name": "nova-common",
"binary_version": "3:25.1.1-0ubuntu1.1"
},
{
"binary_name": "nova-compute",
"binary_version": "3:25.1.1-0ubuntu1.1"
},
{
"binary_name": "nova-compute-ironic",
"binary_version": "3:25.1.1-0ubuntu1.1"
},
{
"binary_name": "nova-compute-kvm",
"binary_version": "3:25.1.1-0ubuntu1.1"
},
{
"binary_name": "nova-compute-libvirt",
"binary_version": "3:25.1.1-0ubuntu1.1"
},
{
"binary_name": "nova-compute-lxc",
"binary_version": "3:25.1.1-0ubuntu1.1"
},
{
"binary_name": "nova-compute-qemu",
"binary_version": "3:25.1.1-0ubuntu1.1"
},
{
"binary_name": "nova-compute-vmware",
"binary_version": "3:25.1.1-0ubuntu1.1"
},
{
"binary_name": "nova-compute-xen",
"binary_version": "3:25.1.1-0ubuntu1.1"
},
{
"binary_name": "nova-conductor",
"binary_version": "3:25.1.1-0ubuntu1.1"
},
{
"binary_name": "nova-novncproxy",
"binary_version": "3:25.1.1-0ubuntu1.1"
},
{
"binary_name": "nova-scheduler",
"binary_version": "3:25.1.1-0ubuntu1.1"
},
{
"binary_name": "nova-serialproxy",
"binary_version": "3:25.1.1-0ubuntu1.1"
},
{
"binary_name": "nova-spiceproxy",
"binary_version": "3:25.1.1-0ubuntu1.1"
},
{
"binary_name": "nova-volume",
"binary_version": "3:25.1.1-0ubuntu1.1"
},
{
"binary_name": "python3-nova",
"binary_version": "3:25.1.1-0ubuntu1.1"
}
],
"availability": "No subscription required"
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:22.04:LTS",
"cves": [
{
"id": "CVE-2023-2088",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}
Ubuntu:22.04:LTS / python-glance-store
Package
- Name
- python-glance-store
- Purl
- pkg:deb/ubuntu/python-glance-store@3.0.0-0ubuntu1.3?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.0-0ubuntu1.3
Ecosystem specific
{
"binaries": [
{
"binary_name": "python3-glance-store",
"binary_version": "3.0.0-0ubuntu1.3"
}
],
"availability": "No subscription required"
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:22.04:LTS",
"cves": [
{
"id": "CVE-2023-2088",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}
Ubuntu:22.04:LTS / python-os-brick
Package
- Name
- python-os-brick
- Purl
- pkg:deb/ubuntu/python-os-brick@5.2.2-0ubuntu1.2?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.2.2-0ubuntu1.2
Ecosystem specific
{
"binaries": [
{
"binary_name": "os-brick-common",
"binary_version": "5.2.2-0ubuntu1.2"
},
{
"binary_name": "python3-os-brick",
"binary_version": "5.2.2-0ubuntu1.2"
}
],
"availability": "No subscription required"
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:22.04:LTS",
"cves": [
{
"id": "CVE-2023-2088",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}