OpenStack Security Advisory: OSSA-2023-003: Unauthorized volume access through deleted volume attachments
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
StarlingX | Fix Released | Medium | Thales Elero Cervi | |
Bug Description
Brief Description
-----------------
There is a new OpenStack Security Advisory: https:/
It needs to be evaluated after the OpenStack services upversion to Antelope: https:/
In case this is still a security issue, we should port the solution.
Severity
--------
Medium: Security Issue
Steps to Reproduce
------------------
N/A
Expected Behavior
------------------
N/A
Actual Behavior
----------------
N/A
Reproducibility
---------------
Reproducible
System Configuration
-------
N/A
Branch/Pull Time/Commit
-------
stx main branch
Last Pass
---------
N/A
Timestamp/Logs
--------------
N/A
Test Activity
-------------
Security vulnerabilities review
Workaround
----------
None
Changed in starlingx:
importance: Undecided → Medium
Next StarlingX release (stx.9.0) will deliver an stx-openstack application with OpenStack Antelope based images generated on top of the `stable/2023.1` branch and all affected services have a fix for this on this branch (note that we don't build glance_store or os-brick images):
Cinder: https://review.opendev.org/c/openstack/cinder/+/882836
Nova: https:/
Glance store: https://review.opendev.org/c/openstack/glance_store/+/882851
OS Brick: https://review.opendev.org/c/openstack/os-brick/+/882843