CVE-2022-38065
Publication date 21 December 2022
Last updated 25 August 2025
Ubuntu priority
Description
A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive functionality within tools leveraging this library within a container can lead increased privileges.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| openstack | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Ignored | |
| 14.04 LTS trusty | Ignored end of standard support | |
| python-oslo.privsep | ||
| 22.04 LTS jammy | Ignored | |
| 20.04 LTS focal | Ignored | |
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial | Ignored end of standard support | |
| 14.04 LTS trusty | Ignored end of standard support |
Notes
mdeslaur
Upstream doesn't consider this a security issue, but as a hardening improvement as it works as documented. There are no plans to fix this in stable releases. See discussion in upstream bug report. We will not be fixing this issue in our stable releases either, so marking as ignored.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
8.8 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |