Comment 61 for bug 2004555

Nick Tait (nickthetait) wrote : Re: [ussuri] Wrong volume attachment - volumes overlapping when connected through iscsi on host

Dan, OK I agree with you on network exploitable.

The CVSS user guide gives a relevant example of scope change. See item 1 of section 3.5 on https://www.first.org/cvss/v3.1/user-guide. So in this case attackers might gain access to another user's images; they do not get influence over more components of OpenStack (for example keystone or glance).

Given this I'm leaning towards a score of 8.8 https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H