CVE-2023-2088

Summary

A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.

Affected Software

VendorProductVersion RangeStatus
n/aOpenStackunknownaffected

Weaknesses

  • CWE-440: CWE-440->CWE-200

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References