Ubuntu
python-glance-store package

Unauthorized volume access through deleted volume attachments (CVE-2023-2088)

Bug #2021980 reported by Corey Bryant
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu Cloud Archive
Status tracked in Bobcat
Antelope
Fix Released
High
Unassigned
Bobcat
Fix Released
High
Unassigned
Ussuri
Won't Fix
Undecided
Unassigned
Victoria
Won't Fix
Undecided
Unassigned
Wallaby
Won't Fix
Undecided
Unassigned
Xena
Won't Fix
Undecided
Unassigned
Yoga
Fix Released
High
Unassigned
Zed
Fix Released
High
Unassigned
cinder (Ubuntu)
Status tracked in Mantic
Bionic
Won't Fix
Undecided
Unassigned
Focal
Won't Fix
Undecided
Unassigned
Jammy
Fix Released
High
Unassigned
Kinetic
Won't Fix
High
Unassigned
Lunar
Fix Released
High
Unassigned
Mantic
Fix Released
High
Unassigned
ironic (Ubuntu)
Status tracked in Mantic
Bionic
Won't Fix
Undecided
Unassigned
Focal
Won't Fix
Undecided
Unassigned
Jammy
Fix Released
High
Unassigned
Kinetic
Won't Fix
High
Unassigned
Lunar
Fix Released
High
Unassigned
Mantic
Fix Released
High
Unassigned
nova (Ubuntu)
Status tracked in Mantic
Bionic
Won't Fix
Undecided
Unassigned
Focal
Won't Fix
Undecided
Unassigned
Jammy
Fix Released
High
Unassigned
Kinetic
Won't Fix
High
Unassigned
Lunar
Fix Released
High
Unassigned
Mantic
Fix Released
High
Unassigned
python-glance-store (Ubuntu)
Status tracked in Mantic
Bionic
Won't Fix
Undecided
Unassigned
Focal
Won't Fix
Undecided
Unassigned
Jammy
Fix Released
High
Unassigned
Kinetic
Won't Fix
High
Unassigned
Lunar
Fix Released
High
Unassigned
Mantic
Fix Released
High
Unassigned
python-os-brick (Ubuntu)
Status tracked in Mantic
Bionic
Won't Fix
Undecided
Unassigned
Focal
Won't Fix
Undecided
Unassigned
Jammy
Fix Released
High
Unassigned
Kinetic
Won't Fix
High
Unassigned
Lunar
Fix Released
High
Unassigned
Mantic
Fix Released
High
Unassigned

Bug Description

OpenStack security advisory: https://security.openstack.org/ossa/OSSA-2023-003.html

Note: This is the second attempt at patching this CVE. The first time with the embargo patches resulted in an ironic regression. There have also been additional changes since the embargo patches. We also want to coordinate documentation better this time as service tokens are now required.

See original description

CVE References

Corey Bryant (corey.bryant)
Changed in nova (Ubuntu Jammy):
status: New → Triaged
importance: Undecided → High
Changed in nova (Ubuntu Kinetic):
status: New → Triaged
importance: Undecided → High
Changed in nova (Ubuntu Lunar):
status: New → Triaged
importance: Undecided → High
Changed in nova (Ubuntu Mantic):
status: New → Triaged
importance: Undecided → High
Changed in cinder (Ubuntu Jammy):
importance: Undecided → High
status: New → Triaged
Changed in cinder (Ubuntu Kinetic):
importance: Undecided → High
status: New → Triaged
Changed in cinder (Ubuntu Lunar):
importance: Undecided → High
status: New → Triaged
Changed in cinder (Ubuntu Mantic):
importance: Undecided → High
status: New → Triaged
no longer affects: cloud-archive/ussuri
Corey Bryant (corey.bryant)
Changed in ironic (Ubuntu Jammy):
importance: Undecided → High
status: New → Triaged
Changed in ironic (Ubuntu Kinetic):
importance: Undecided → High
status: New → Triaged
Changed in ironic (Ubuntu Lunar):
importance: Undecided → High
status: New → Triaged
Changed in ironic (Ubuntu Mantic):
importance: Undecided → High
status: New → Triaged
Changed in python-glance-store (Ubuntu Jammy):
importance: Undecided → High
status: New → Triaged
Changed in python-glance-store (Ubuntu Kinetic):
importance: Undecided → High
status: New → Triaged
Changed in python-glance-store (Ubuntu Lunar):
importance: Undecided → High
status: New → Triaged
Changed in python-glance-store (Ubuntu Mantic):
importance: Undecided → High
status: New → Triaged
Changed in python-os-brick (Ubuntu Mantic):
importance: Undecided → High
status: New → Triaged
Changed in python-os-brick (Ubuntu Lunar):
importance: Undecided → High
status: New → Triaged
Changed in python-os-brick (Ubuntu Kinetic):
importance: Undecided → High
status: New → Triaged
Changed in python-os-brick (Ubuntu Jammy):
importance: Undecided → High
status: New → Triaged
no longer affects: cloud-archive/victoria
description: updated
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cinder - 2:22.0.0-0ubuntu4

---------------
cinder (2:22.0.0-0ubuntu4) mantic; urgency=medium

  * SECURITY UPDATE: Unauthorized File Access (LP: #2021980)
    - debian/patches/CVE-2023-2088-1.patch: Reject unsafe delete
      attachment calls.
    - debian/patches/CVE-2023-2088-2.patch: Doc: Improve service token.
    - CVE-2023-2088

 -- Corey Bryant <email address hidden> Fri, 26 May 2023 16:16:03 -0400

Changed in cinder (Ubuntu Mantic):
status: Triaged → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ironic - 1:21.4.0-0ubuntu2

---------------
ironic (1:21.4.0-0ubuntu2) mantic; urgency=medium

  * SECURITY UPDATE: Unauthorized File Access (LP: #2021980)
    - debian/patches/CVE-2023-2088.patch: Fix Cinder Integration
      fallout from CVE-2023-2088
    - CVE-2023-2088

 -- Corey Bryant <email address hidden> Wed, 31 May 2023 14:42:54 -0400

Changed in ironic (Ubuntu Mantic):
status: Triaged → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nova - 3:27.0.0-0ubuntu4

---------------
nova (3:27.0.0-0ubuntu4) mantic; urgency=medium

  * SECURITY UPDATE: Unauthorized File Access (LP: #2021980)
    - debian/patches/CVE-2023-2088-1.patch: Use force=True for os-brick
      disconnect during delete.
    - debian/patches/CVE-2023-2088-2.patch: Enable use of service user
      token with admin context.
    - CVE-2023-2088

 -- Corey Bryant <email address hidden> Wed, 31 May 2023 12:11:02 -0400

Changed in nova (Ubuntu Mantic):
status: Triaged → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-glance-store - 4.3.0-0ubuntu4

---------------
python-glance-store (4.3.0-0ubuntu4) mantic; urgency=medium

  * SECURITY UPDATE: Unauthorized File Access (LP: #2021980)
    - debian/patches/CVE-2023-2088.patch: Add force to os-brick
      disconnect.
    - CVE-2023-2088

 -- Corey Bryant <email address hidden> Wed, 31 May 2023 14:53:17 -0400

Changed in python-glance-store (Ubuntu Mantic):
status: Triaged → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-os-brick - 6.2.0-0ubuntu5

---------------
python-os-brick (6.2.0-0ubuntu5) mantic; urgency=medium

  * SECURITY UPDATE: Unauthorized File Access (LP: #2021980)
    - debian/patches/CVE-2023-2088.patch: Support force disconnect for
      fibre channel.
    - CVE-2023-2088

 -- Corey Bryant <email address hidden> Wed, 31 May 2023 15:05:40 -0400

Changed in python-os-brick (Ubuntu Mantic):
status: Triaged → Fix Released
Corey Bryant (corey.bryant)
Changed in cloud-archive:
status: Triaged → Fix Committed
Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package cinder - 2:22.0.0-0ubuntu4~cloud0
---------------

 cinder (2:22.0.0-0ubuntu4~cloud0) jammy-bobcat; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 cinder (2:22.0.0-0ubuntu4) mantic; urgency=medium
 .
   * SECURITY UPDATE: Unauthorized File Access (LP: #2021980)
     - debian/patches/CVE-2023-2088-1.patch: Reject unsafe delete
       attachment calls.
     - debian/patches/CVE-2023-2088-2.patch: Doc: Improve service token.
     - CVE-2023-2088

Changed in cloud-archive:
status: Fix Committed → Fix Released
Corey Bryant (corey.bryant)
Changed in cinder (Ubuntu Bionic):
status: New → Won't Fix
Changed in cinder (Ubuntu Focal):
status: New → Won't Fix
Changed in ironic (Ubuntu Bionic):
status: New → Won't Fix
Changed in ironic (Ubuntu Focal):
status: New → Won't Fix
Changed in nova (Ubuntu Bionic):
status: New → Won't Fix
Changed in nova (Ubuntu Focal):
status: New → Won't Fix
Changed in python-glance-store (Ubuntu Bionic):
status: New → Won't Fix
Changed in python-glance-store (Ubuntu Focal):
status: New → Won't Fix
Changed in python-os-brick (Ubuntu Bionic):
status: New → Won't Fix
Changed in python-os-brick (Ubuntu Focal):
status: New → Won't Fix
Revision history for this message
Corey Bryant (corey.bryant) wrote :

Please see documentation for this issue at: https://discourse.ubuntu.com/t/cve-2023-2088-for-charmed-openstack/37051

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cinder - 2:20.2.0-0ubuntu1.1

---------------
cinder (2:20.2.0-0ubuntu1.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Unauthorized File Access (LP: #2021980)
    - debian/patches/CVE-2023-2088.patch: Reject unsafe delete
      attachment calls.
    - CVE-2023-2088

 -- Corey Bryant <email address hidden> Wed, 31 May 2023 16:26:58 -0400

Changed in cinder (Ubuntu Jammy):
status: Triaged → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cinder - 2:22.0.0-0ubuntu1.3

---------------
cinder (2:22.0.0-0ubuntu1.3) lunar-security; urgency=medium

  * SECURITY UPDATE: Unauthorized File Access (LP: #2021980)
    - debian/patches/CVE-2023-2088.patch: Reject unsafe delete
      attachment calls.
    - CVE-2023-2088

 -- Corey Bryant <email address hidden> Wed, 31 May 2023 12:03:07 -0400

Changed in cinder (Ubuntu Lunar):
status: Triaged → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nova - 3:25.1.1-0ubuntu1.1

---------------
nova (3:25.1.1-0ubuntu1.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Unauthorized File Access (LP: #2021980)
    - debian/patches/CVE-2023-2088-1.patch: Use force=True for os-brick
      disconnect during delete.
    - debian/patches/CVE-2023-2088-2.patch: Enable use of service user
      token with admin context.
    - CVE-2023-2088

 -- Corey Bryant <email address hidden> Wed, 31 May 2023 16:43:41 -0400

Changed in nova (Ubuntu Jammy):
status: Triaged → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ironic - 1:21.4.0-0ubuntu1.1

---------------
ironic (1:21.4.0-0ubuntu1.1) lunar-security; urgency=medium

  * d/gbp.conf: Create stable/2023.1 branch.
  * SECURITY UPDATE: Unauthorized File Access (LP: #2021980)
    - debian/patches/CVE-2023-2088.patch: Fix Cinder Integration
      fallout from CVE-2023-2088
    - CVE-2023-2088

 -- Corey Bryant <email address hidden> Wed, 31 May 2023 16:10:46 -0400

Changed in ironic (Ubuntu Lunar):
status: Triaged → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-glance-store - 3.0.0-0ubuntu1.3

---------------
python-glance-store (3.0.0-0ubuntu1.3) jammy-security; urgency=medium

  * SECURITY UPDATE: Unauthorized File Access (LP: #2021980)
    - debian/patches/CVE-2023-2088.patch: Add force to os-brick
      disconnect.
    - CVE-2023-2088

 -- Corey Bryant <email address hidden> Wed, 31 May 2023 15:48:16 -0400

Changed in python-glance-store (Ubuntu Jammy):
status: Triaged → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-os-brick - 6.2.0-0ubuntu2.3

---------------
python-os-brick (6.2.0-0ubuntu2.3) lunar-security; urgency=medium

  * SECURITY UPDATE: Unauthorized File Access (LP: #2021980)
    - debian/patches/CVE-2023-2088.patch: Support force disconnect for
      fibre channel.
    - CVE-2023-2088

 -- Corey Bryant <email address hidden> Wed, 31 May 2023 15:19:28 -0400

Changed in python-os-brick (Ubuntu Lunar):
status: Triaged → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-glance-store - 4.3.0-0ubuntu1.3

---------------
python-glance-store (4.3.0-0ubuntu1.3) lunar-security; urgency=medium

  * SECURITY UPDATE: Unauthorized File Access (LP: #2021980)
    - debian/patches/CVE-2023-2088.patch: Add force to os-brick
      disconnect.
    - CVE-2023-2088

 -- Corey Bryant <email address hidden> Wed, 31 May 2023 15:42:32 -0400

Changed in python-glance-store (Ubuntu Lunar):
status: Triaged → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nova - 3:27.0.0-0ubuntu1.3

---------------
nova (3:27.0.0-0ubuntu1.3) lunar-security; urgency=medium

  * SECURITY UPDATE: Unauthorized File Access (LP: #2021980)
    - debian/patches/CVE-2023-2088-1.patch: Use force=True for os-brick
      disconnect during delete.
    - debian/patches/CVE-2023-2088-2.patch: Enable use of service user
      token with admin context.
    - CVE-2023-2088

 -- Corey Bryant <email address hidden> Wed, 31 May 2023 16:32:03 -0400

Changed in nova (Ubuntu Lunar):
status: Triaged → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-os-brick - 5.2.2-0ubuntu1.2

---------------
python-os-brick (5.2.2-0ubuntu1.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Unauthorized File Access (LP: #2021980)
    - debian/patches/CVE-2023-2088.patch: Support force disconnect for
      fibre channel.
    - CVE-2023-2088

 -- Corey Bryant <email address hidden> Wed, 31 May 2023 15:37:17 -0400

Changed in python-os-brick (Ubuntu Jammy):
status: Triaged → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ironic - 1:20.1.0-0ubuntu1.1

---------------
ironic (1:20.1.0-0ubuntu1.1) jammy-security; urgency=medium

  * d/gbp.conf: Create stable/yoga branch.
  * SECURITY UPDATE: Unauthorized File Access (LP: #2021980)
    - debian/patches/CVE-2023-2088.patch: Fix Cinder Integration
      fallout from CVE-2023-2088
    - CVE-2023-2088

 -- Corey Bryant <email address hidden> Wed, 31 May 2023 16:16:26 -0400

Changed in ironic (Ubuntu Jammy):
status: Triaged → Fix Released
Revision history for this message
Utkarsh Gupta (utkarsh) wrote :

Ubuntu 22.10 (Kinetic Kudu) has reached end of life, so this bug will not be fixed for that specific release.

Changed in nova (Ubuntu Kinetic):
status: Triaged → Won't Fix
Changed in cinder (Ubuntu Kinetic):
status: Triaged → Won't Fix
Changed in python-os-brick (Ubuntu Kinetic):
status: Triaged → Won't Fix
Changed in python-glance-store (Ubuntu Kinetic):
status: Triaged → Won't Fix
Changed in ironic (Ubuntu Kinetic):
status: Triaged → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.