CVE-2022-44020 – VirtualBMC: removes password protection from the managed libvirt XML domain

https://notcve.org/view.php?id=CVE-2022-44020

29 Oct 2022 — An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration." Se descubrió un problema en OpenStack Sushy-Tools hasta 0.21.0 y VirtualBMC hasta 2.2.2. Cambiar la configuración del dispositivo de arranque con estos paquetes elimina la protección con contraseña del dominio XML libvirt... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GAD7QJIUWPCKJIGYP7PPHH5DILOEONFE • CWE-281: Improper Preservation of Permissions CWE-305: Authentication Bypass by Primary Weakness •