CVE-2022-38065
Published: 21 December 2022
A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive functionality within tools leveraging this library within a container can lead increased privileges.
Notes
Author | Note |
---|---|
mdeslaur | Upstream doesn't consider this a security issue, but as a hardening improvement as it works as documented. There are no plans to fix this in stable releases. See discussion in upstream bug report. We will not be fixing this issue in our stable releases either, so marking as ignored. |
Priority
Status
Package | Release | Status |
---|---|---|
openstack Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Ignored
(end of standard support)
|
|
upstream |
Needs triage
|
|
xenial |
Ignored
|
|
python-oslo.privsep Launchpad, Ubuntu, Debian |
bionic |
Ignored
|
focal |
Ignored
|
|
jammy |
Ignored
|
|
kinetic |
Ignored
|
|
lunar |
Ignored
|
|
trusty |
Ignored
(end of standard support)
|
|
upstream |
Needs triage
|
|
xenial |
Ignored
(end of standard support)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |