CVE-2020-9543

openstack-manila: User with share-network UUID is able to show, create and delete shares

Severity Score

8.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks.

OpenStack Manila versiones anteriores a 7.4.1, versiones posteriores a 8.0.0 incluyéndola y anteriores a 8.1.1, y versiones posteriores a 9.0.0 incluyéndola y anteriores a 9.1.1, permite a atacantes visualizar, actualizar, eliminar o compartir recursos que no les pertenecen, debido a una búsqueda sin contexto de un UUID. Los atacantes también pueden crear recursos, tales como sistemas de archivos compartidos y grupos de intercambio sobre esas redes compartidas.

An access flaw was found in openstack-manila, where the API did not validate the user/project on commands. A malicious user having the UUID of a share-network could view, update, delete, or share resources that did not belong to them. Attackers could also create resources on shared networks (for example, shared file systems or groups of shares).

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-03-02 CVE Reserved
2020-03-12 CVE Published
2023-07-16 EPSS Updated
2024-08-04 CVE Updated
2024-08-04 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-276: Incorrect Default Permissions
CWE-284: Improper Access Control

CAPEC

References (5)

URL	Tag	Source

URL	Date	SRC
https://bugs.launchpad.net/manila/+bug/1861485	2024-08-04

URL	Date	SRC
http://www.openwall.com/lists/oss-security/2020/03/12/1	2020-07-14
https://security.openstack.org/ossa/OSSA-2020-002.html	2020-07-14

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2020-9543	2020-06-24
https://bugzilla.redhat.com/show_bug.cgi?id=1809855	2020-06-24

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openstack Search vendor "Openstack"		Manila Search vendor "Openstack" for product "Manila"				< 7.4.1 Search vendor "Openstack" for product "Manila" and version " < 7.4.1"		-		Affected
Openstack Search vendor "Openstack"		Manila Search vendor "Openstack" for product "Manila"				>= 8.0.0 < 8.1.1 Search vendor "Openstack" for product "Manila" and version " >= 8.0.0 < 8.1.1"		-		Affected
Openstack Search vendor "Openstack"		Manila Search vendor "Openstack" for product "Manila"				>= 9.0.0 < 9.1.1 Search vendor "Openstack" for product "Manila" and version " >= 9.0.0 < 9.1.1"		-		Affected