CVE-2022-44020 - Improper Preservation of Permissions vulnerability in multiple products
- Attack vector: LOCAL
- Attack complexity: LOW
- Privileges required: LOW
- Confidentiality impact: NONE
- Integrity impact: HIGH
- Availability impact: NONE
Summary
An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."
References
- https://review.opendev.org/c/openstack/virtualbmc/+/862620
- https://review.opendev.org/c/openstack/sushy-tools/+/862625
- https://storyboard.openstack.org/#%21/story/2010382
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEQVJF3OQGSDCSQTQQSC54JEGLMSNB4Q/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GAD7QJIUWPCKJIGYP7PPHH5DILOEONFE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMSUGS4B6EBRHBJMTRXL5RIKJTZTEMJC/