
CVSS: 8.3 | EPSS: 0% | CPEs: 3 | EXPL: 1

OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks.

An access flaw was found in openstack-manila, where the API did not validate the user/project on commands.

• http://www.openwall.com/lists/oss-security/2020/03/12/1
• https://bugs.launchpad.net/manila/+bug/1861485
• https://security.openstack.org/ossa/OSSA-2020-002.html
• https://access.redhat.com/security/cve/CVE-2020-9543
• https://bugzilla.redhat.com/show_bug.cgi?id=1809855

• CWE-276: Incorrect Default Permissions
• CWE-284: Improper Access Control

CVSS: 6.8 | EPSS: 5% | CPEs: 2 | EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila 9.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the mode parameter in msgReader$1 and (2) the end of the URI in viewDepartment$.

• http://secunia.com/advisories/19636
• http://securityreason.com/securityalert/692
• http://www.osvdb.org/24554
• http://www.securityfocus.com/archive/1/430668/100/0/threaded
• http://www.securityfocus.com/bid/17475
• https://exchange.xforce.ibmcloud.com/vulnerabilities/25753