Openstack Security Advisory: OSSA-2023-003: Unauthorized volume access through deleted volume attachments
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| StarlingX |
Fix Released
|
Medium
|
Thales Elero Cervi | ||
Bug Description
Brief Description
-----------------
There is a new Openstack Security Advisory: https:/
It needs to be evaluated after the OpenStack services upversion to Antelope: https:/
In case this is still a security issue, we should port the solution.
Severity
--------
Medium: Security Issue
Steps to Reproduce
------------------
N/A
Expected Behavior
------------------
N/A
Actual Behavior
----------------
N/A
Reproducibility
---------------
Reproducible
System Configuration
-------
N/A
Branch/Pull Time/Commit
-------
stx main branch
Last Pass
---------
N/A
Timestamp/Logs
--------------
N/A
Test Activity
-------------
Security vulnerabilities review
Workaround
----------
None
| Thales Elero Cervi (tcervi) wrote | #1 |
| tags: | added: stx.9.0 stx.distro.openstack stx.security |
| Thales Elero Cervi (tcervi) wrote | #2 |
| Changed in starlingx: | |
| assignee: | nobody → Thales Elero Cervi (tcervi) |
| status: | New → Fix Released |
| Changed in starlingx: | |
| importance: | Undecided → Medium |
Next StarlingX relese (stx.9.0) will deliver an stx-openstack application with OpenStack Antelope based images generated on top of the `stable/2023.1` branch and all affected services have a fix for this on this branch (note that we don't build glance_store or os-brick images):
Cinder: https:/
Nova: https:/
Glance store: https:/
OS Brick: https:/