CVE 2023-2088
A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.
Related bugs and status
CVE-2023-2088 (Candidate) is related to these bugs:
Bug #1945500: [SRU] It's not possible to upload a volume that was build from an image back to glance, if multistore (glance) is enabled.
Bug #1960758: UEFI libvirt servers can't boot on Ubuntu 20.04 hypervisors with Ussuri/Victoria
Bug #2004555: [OSSA-2023-003] Unauthorized volume access through deleted volume attachments (CVE-2023-2088)
Bug #2018564: [SRU] python-os-brick stable point releases
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2018564 | [SRU] python-os-brick stable point releases | python-os-brick (Ubuntu) | Undecided | Invalid | ||
| 2018564 | [SRU] python-os-brick stable point releases | python-os-brick (Ubuntu Jammy) | High | Fix Released | ||
| 2018564 | [SRU] python-os-brick stable point releases | Ubuntu Cloud Archive | Undecided | Invalid | ||
| 2018564 | [SRU] python-os-brick stable point releases | Ubuntu Cloud Archive xena | High | Fix Released | ||
| 2018564 | [SRU] python-os-brick stable point releases | Ubuntu Cloud Archive yoga | High | Fix Released | ||
Bug #2019460: nova-compute 23.2.2-0ubuntu1~cloud2 unable to detach volumes
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2019460 | nova-compute 23.2.2-0ubuntu1~cloud2 unable to detach volumes | Ubuntu Cloud Archive | Undecided | Invalid | ||
| 2019460 | nova-compute 23.2.2-0ubuntu1~cloud2 unable to detach volumes | OpenStack Compute (nova) | Undecided | Invalid | ||
| 2019460 | nova-compute 23.2.2-0ubuntu1~cloud2 unable to detach volumes | Ubuntu Cloud Archive wallaby | Critical | Fix Released | ||
| 2019460 | nova-compute 23.2.2-0ubuntu1~cloud2 unable to detach volumes | Ubuntu Cloud Archive victoria | Critical | Fix Released | ||
| 2019460 | nova-compute 23.2.2-0ubuntu1~cloud2 unable to detach volumes | nova (Ubuntu) | Undecided | Invalid | ||
| 2019460 | nova-compute 23.2.2-0ubuntu1~cloud2 unable to detach volumes | nova (Ubuntu Focal) | Critical | Fix Released | ||
Bug #2019755: [SRU] zed stable releases
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2019755 | [SRU] zed stable releases | Ubuntu Cloud Archive | Undecided | Invalid | ||
| 2019755 | [SRU] zed stable releases | Ubuntu Cloud Archive zed | High | Fix Released | ||
| 2019755 | [SRU] zed stable releases | cinder (Ubuntu) | Undecided | Invalid | ||
| 2019755 | [SRU] zed stable releases | cinder (Ubuntu Kinetic) | High | Fix Released | ||
| 2019755 | [SRU] zed stable releases | heat (Ubuntu) | Undecided | Invalid | ||
| 2019755 | [SRU] zed stable releases | heat (Ubuntu Kinetic) | High | Fix Released | ||
| 2019755 | [SRU] zed stable releases | manila (Ubuntu) | Undecided | Invalid | ||
| 2019755 | [SRU] zed stable releases | manila (Ubuntu Kinetic) | High | Fix Released | ||
| 2019755 | [SRU] zed stable releases | nova (Ubuntu) | Undecided | Invalid | ||
| 2019755 | [SRU] zed stable releases | nova (Ubuntu Kinetic) | High | Fix Released | ||
Bug #2019759: [SRU] yoga stable releases
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2019759 | [SRU] yoga stable releases | Ubuntu Cloud Archive | Undecided | Invalid | ||
| 2019759 | [SRU] yoga stable releases | Ubuntu Cloud Archive yoga | High | Fix Released | ||
| 2019759 | [SRU] yoga stable releases | cinder (Ubuntu) | Undecided | Invalid | ||
| 2019759 | [SRU] yoga stable releases | cinder (Ubuntu Jammy) | High | Fix Released | ||
| 2019759 | [SRU] yoga stable releases | designate (Ubuntu) | Undecided | Invalid | ||
| 2019759 | [SRU] yoga stable releases | designate (Ubuntu Jammy) | High | Fix Released | ||
| 2019759 | [SRU] yoga stable releases | heat (Ubuntu) | Undecided | Invalid | ||
| 2019759 | [SRU] yoga stable releases | heat (Ubuntu Jammy) | High | Fix Released | ||
| 2019759 | [SRU] yoga stable releases | manila (Ubuntu) | Undecided | Invalid | ||
| 2019759 | [SRU] yoga stable releases | manila (Ubuntu Jammy) | High | Fix Released | ||
| 2019759 | [SRU] yoga stable releases | nova (Ubuntu) | Undecided | Invalid | ||
| 2019759 | [SRU] yoga stable releases | nova (Ubuntu Jammy) | High | Fix Released | ||
Bug #2019762: [SRU] xena stable releases
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2019762 | [SRU] xena stable releases | Ubuntu Cloud Archive | Undecided | Invalid | ||
| 2019762 | [SRU] xena stable releases | Ubuntu Cloud Archive xena | High | Fix Released | ||
Bug #2019888: Detach volume from instance using the Compute API got HTTP 409
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2019888 | Detach volume from instance using the Compute API got HTTP 409 | OpenStack Nova Compute Charm | Undecided | New | ||
Bug #2019892: Cinder OSSA-2023-003 breaks Ironic Boot From Volume
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2019892 | Cinder OSSA-2023-003 breaks Ironic Boot From Volume | Ironic | Critical | Fix Released | ||
Bug #2020111: CVE-2023-2088 regressions
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2020111 | CVE-2023-2088 regressions | nova (Ubuntu) | Critical | Fix Released | ||
| 2020111 | CVE-2023-2088 regressions | nova (Ubuntu Kinetic) | Critical | Fix Released | ||
| 2020111 | CVE-2023-2088 regressions | nova (Ubuntu Focal) | Critical | Fix Released | ||
| 2020111 | CVE-2023-2088 regressions | nova (Ubuntu Mantic) | Critical | Fix Released | ||
| 2020111 | CVE-2023-2088 regressions | nova (Ubuntu Jammy) | Critical | Fix Released | ||
| 2020111 | CVE-2023-2088 regressions | nova (Ubuntu Lunar) | Critical | Fix Released | ||
| 2020111 | CVE-2023-2088 regressions | cinder (Ubuntu) | Critical | Fix Released | ||
| 2020111 | CVE-2023-2088 regressions | cinder (Ubuntu Focal) | Critical | Fix Released | ||
| 2020111 | CVE-2023-2088 regressions | cinder (Ubuntu Jammy) | Critical | Fix Released | ||
| 2020111 | CVE-2023-2088 regressions | cinder (Ubuntu Kinetic) | Critical | Fix Released | ||
| 2020111 | CVE-2023-2088 regressions | cinder (Ubuntu Lunar) | Critical | Fix Released | ||
| 2020111 | CVE-2023-2088 regressions | cinder (Ubuntu Mantic) | Critical | Fix Released | ||
| 2020111 | CVE-2023-2088 regressions | python-glance-store (Ubuntu) | Critical | Fix Released | ||
| 2020111 | CVE-2023-2088 regressions | python-glance-store (Ubuntu Focal) | Critical | Fix Released | ||
| 2020111 | CVE-2023-2088 regressions | python-glance-store (Ubuntu Jammy) | Critical | Fix Released | ||
| 2020111 | CVE-2023-2088 regressions | python-glance-store (Ubuntu Kinetic) | Critical | Fix Released | ||
| 2020111 | CVE-2023-2088 regressions | python-glance-store (Ubuntu Lunar) | Critical | Fix Released | ||
| 2020111 | CVE-2023-2088 regressions | python-glance-store (Ubuntu Mantic) | Critical | Fix Released | ||
| 2020111 | CVE-2023-2088 regressions | python-os-brick (Ubuntu) | Critical | Fix Released | ||
| 2020111 | CVE-2023-2088 regressions | python-os-brick (Ubuntu Focal) | Critical | Fix Released | ||
| 2020111 | CVE-2023-2088 regressions | python-os-brick (Ubuntu Jammy) | Critical | Fix Released | ||
| 2020111 | CVE-2023-2088 regressions | python-os-brick (Ubuntu Kinetic) | Critical | Fix Released | ||
| 2020111 | CVE-2023-2088 regressions | python-os-brick (Ubuntu Lunar) | Critical | Fix Released | ||
| 2020111 | CVE-2023-2088 regressions | python-os-brick (Ubuntu Mantic) | Critical | Fix Released | ||
| 2020111 | CVE-2023-2088 regressions | Ubuntu Cloud Archive | Critical | Fix Released | ||
| 2020111 | CVE-2023-2088 regressions | Ubuntu Cloud Archive xena | Critical | Fix Released | ||
| 2020111 | CVE-2023-2088 regressions | Ubuntu Cloud Archive yoga | Critical | Fix Released | ||
| 2020111 | CVE-2023-2088 regressions | Ubuntu Cloud Archive wallaby | Critical | Fix Released | ||
| 2020111 | CVE-2023-2088 regressions | Ubuntu Cloud Archive victoria | Critical | Fix Released | ||
| 2020111 | CVE-2023-2088 regressions | Ubuntu Cloud Archive zed | Critical | Fix Released | ||
| 2020111 | CVE-2023-2088 regressions | Ubuntu Cloud Archive bobcat | Critical | Fix Released | ||
| 2020111 | CVE-2023-2088 regressions | Ubuntu Cloud Archive antelope | Critical | Fix Released | ||
Bug #2021980: Unauthorized volume access through deleted volume attachments (CVE-2023-2088)
Bug #2025491: [SRU] antelope stable releases
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2025491 | [SRU] antelope stable releases | Ubuntu Cloud Archive | Undecided | Invalid | ||
| 2025491 | [SRU] antelope stable releases | Ubuntu Cloud Archive antelope | High | Fix Released | ||
| 2025491 | [SRU] antelope stable releases | cinder (Ubuntu) | Undecided | Invalid | ||
| 2025491 | [SRU] antelope stable releases | cinder (Ubuntu Lunar) | High | Fix Released | ||
| 2025491 | [SRU] antelope stable releases | neutron (Ubuntu) | Undecided | Invalid | ||
| 2025491 | [SRU] antelope stable releases | neutron (Ubuntu Lunar) | High | Fix Released | ||
| 2025491 | [SRU] antelope stable releases | nova (Ubuntu) | Undecided | Invalid | ||
| 2025491 | [SRU] antelope stable releases | nova (Ubuntu Lunar) | High | Fix Released | ||
Bug #2025499: [SRU] zed stable releases
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2025499 | [SRU] zed stable releases | Ubuntu Cloud Archive | Undecided | Invalid | ||
| 2025499 | [SRU] zed stable releases | Ubuntu Cloud Archive zed | High | Fix Released | ||
| 2025499 | [SRU] zed stable releases | ceilometer (Ubuntu) | Undecided | Invalid | ||
| 2025499 | [SRU] zed stable releases | ceilometer (Ubuntu Kinetic) | High | Won't Fix | ||
| 2025499 | [SRU] zed stable releases | cinder (Ubuntu) | Undecided | Invalid | ||
| 2025499 | [SRU] zed stable releases | cinder (Ubuntu Kinetic) | High | Won't Fix | ||
| 2025499 | [SRU] zed stable releases | neutron (Ubuntu) | Undecided | Invalid | ||
| 2025499 | [SRU] zed stable releases | neutron (Ubuntu Kinetic) | High | Won't Fix | ||
| 2025499 | [SRU] zed stable releases | nova (Ubuntu) | Undecided | Invalid | ||
| 2025499 | [SRU] zed stable releases | nova (Ubuntu Kinetic) | High | Won't Fix | ||
| 2025499 | [SRU] zed stable releases | python-neutron-lib (Ubuntu) | Undecided | Invalid | ||
| 2025499 | [SRU] zed stable releases | python-neutron-lib (Ubuntu Kinetic) | High | Won't Fix | ||
Bug #2025503: [SRU] yoga stable releases
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2025503 | [SRU] yoga stable releases | Ubuntu Cloud Archive | Undecided | Invalid | ||
| 2025503 | [SRU] yoga stable releases | Ubuntu Cloud Archive yoga | High | Fix Released | ||
| 2025503 | [SRU] yoga stable releases | ceilometer (Ubuntu) | Undecided | Invalid | ||
| 2025503 | [SRU] yoga stable releases | ceilometer (Ubuntu Jammy) | High | Fix Released | ||
| 2025503 | [SRU] yoga stable releases | cinder (Ubuntu) | Undecided | Invalid | ||
| 2025503 | [SRU] yoga stable releases | cinder (Ubuntu Jammy) | High | Fix Released | ||
| 2025503 | [SRU] yoga stable releases | nova (Ubuntu) | Undecided | Invalid | ||
| 2025503 | [SRU] yoga stable releases | nova (Ubuntu Jammy) | High | Fix Released | ||
Bug #2039381: Regarding Nova's inability to delete the Cinder volume for creating virtual machines (version Y)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2039381 | Regarding Nova's inability to delete the Cinder volume for creating virtual machines (version Y) | OpenStack Compute (nova) | Undecided | Invalid | ||
| 2039381 | Regarding Nova's inability to delete the Cinder volume for creating virtual machines (version Y) | Cinder | Undecided | Invalid | ||
Bug #2048868: TestServerVolumeAttachScenarioOldVersion.test_old_versions_reject Test testtools.matchers._impl.MismatchError
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2048868 | TestServerVolumeAttachScenarioOldVersion.test_old_versions_reject Test testtools.matchers._impl.MismatchError | tempest | Undecided | New | ||
Bug #2060696: ConflictNovaUsingAttachment: Detach volume from instance using the Compute API (HTTP 409)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2060696 | ConflictNovaUsingAttachment: Detach volume from instance using the Compute API (HTTP 409) | OpenStack Compute (nova) | Undecided | Incomplete | ||
See the 
CVE page on Mitre.org
for more details.
