CVE-2020-10755
Description
An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with the Dell EMC ScaleIO or VxFlex OS backend storage driver, credentials for the entire backend are exposed in the `connection_info` element in all Block Storage v3 Attachments API calls containing that element. This flaw enables an end-user to create a volume, make an API call to show the attachment detail information, and retrieve a username and password that may be used to connect to another user's volume. Additionally, these credentials are valid for the ScaleIO or VxFlex OS Management API, should an attacker discover the Management API endpoint. Source: OpenStack project
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
cinderPyPI | >= 14.0.0, < 14.1.0 | 14.1.0 |
cinderPyPI | >= 15.0.0, < 15.2.0 | 15.2.0 |
cinderPyPI | >= 16.0.0, < 16.1.0 | 16.1.0 |
os-brickPyPI | >= 2.8.0, < 2.8.6 | 2.8.6 |
os-brickPyPI | >= 2.10.0, < 2.10.4 | 2.10.4 |
os-brickPyPI | >= 3.0.0, < 3.0.2 | 3.0.2 |
Affected products
98- ghsa-coords97 versionspkg:pypi/cinderpkg:pypi/os-brickpkg:rpm/suse/ansible1&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-ansible&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-cobbler&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-glance&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-input-model&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-logging&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-manila&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-monasca&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-mq&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-neutron&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-octavia&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-tempest&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/crowbar-core&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/crowbar-openstack&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/kibana&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/kibana&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-barbican&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-barbican&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-ceilometer&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-ceilometer&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-dashboard&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-dashboard&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-designate&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-designate&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-heat-templates&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-heat-templates&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-ironic&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-ironic&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-keystone&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-keystone&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-magnum&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-magnum&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-manila&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-manila&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-monasca-agent&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-monasca-agent&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-neutron-vsphere&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-neutron-vsphere&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-octavia-amphora-image&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-octavia-amphora-image&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-octavia&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-octavia&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-resource-agents&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-resource-agents&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-ardana-packager&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-Django1&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-Django1&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-heatclient&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-heatclient&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-neutron-tempest-plugin&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-neutron-tempest-plugin&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-octavia-tempest-plugin&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-octavia-tempest-plugin&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-os-brick&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-os-brick&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-oslo.messaging&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-oslo.messaging&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-Pillow&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-Pillow&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-pyroute2&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-pyroute2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-urllib3&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-urllib3&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-waitress&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-waitress&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/release-notes-suse-openstack-cloud&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/release-notes-suse-openstack-cloud&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/rubygem-activeresource&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/rubygem-json-1_7&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/rubygem-puma&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/venv-openstack-barbican&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-cinder&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-designate&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-glance&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-heat&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-horizon&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-ironic&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-keystone&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-magnum&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-manila&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-monasca-ceilometer&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-monasca&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-neutron&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-nova&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-octavia&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-sahara&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-swift&distro=SUSE%20OpenStack%20Cloud%209
>= 14.0.0, < 14.1.0+ 96 more
- (no CPE)range: >= 14.0.0, < 14.1.0
- (no CPE)range: >= 2.8.0, < 2.8.6
- (no CPE)range: < 1.9.6-9.7.2
- (no CPE)range: < 9.0+git.1591138508.e269bdb-3.22.2
- (no CPE)range: < 9.0+git.1588181228.bae3b1f-3.13.2
- (no CPE)range: < 9.0+git.1593631708.9354a78-3.13.2
- (no CPE)range: < 9.0+git.1589740948.c24fc0b-3.19.2
- (no CPE)range: < 9.0+git.1591193994.d93b668-3.13.2
- (no CPE)range: < 9.0+git.1594158642.b5905e4-3.12.2
- (no CPE)range: < 9.0+git.1589385256.7fbfaaf-3.19.2
- (no CPE)range: < 9.0+git.1593618110.cbd1a37-3.16.2
- (no CPE)range: < 9.0+git.1590756257.e09d54f-3.22.2
- (no CPE)range: < 9.0+git.1590079609.a2ae6ab-3.19.2
- (no CPE)range: < 9.0+git.1593033709.9495bb2-3.16.2
- (no CPE)range: < 6.0+git.1594619891.b75a61d0d-3.25.5
- (no CPE)range: < 6.0+git.1591795073.49cb6400e-3.25.3
- (no CPE)range: < 6.2.5-3.12.2
- (no CPE)range: < 6.2.5-3.12.2
- (no CPE)range: < 4.6.3-4.3.2
- (no CPE)range: < 4.6.3-4.3.2
- (no CPE)range: < 7.0.1~dev24-3.9.5
- (no CPE)range: < 7.0.1~dev24-3.9.5
- (no CPE)range: < 11.1.1~dev7-3.16.3
- (no CPE)range: < 11.1.1~dev7-3.16.3
- (no CPE)range: < 13.0.10~dev12-3.22.4
- (no CPE)range: < 13.0.10~dev12-3.22.4
- (no CPE)range: < 14.1.1~dev6-3.15.5
- (no CPE)range: < 14.1.1~dev6-3.15.5
- (no CPE)range: < 7.0.2~dev2-3.19.3
- (no CPE)range: < 7.0.2~dev2-3.19.3
- (no CPE)range: < 0.0.0+git.1582270132.8a20477-3.6.2
- (no CPE)range: < 0.0.0+git.1582270132.8a20477-3.6.2
- (no CPE)range: < 11.1.5~dev6-3.19.3
- (no CPE)range: < 11.1.5~dev6-3.19.3
- (no CPE)range: < 14.2.1~dev4-3.22.3
- (no CPE)range: < 14.2.1~dev4-3.22.3
- (no CPE)range: < 7.2.1~dev1-3.13.3
- (no CPE)range: < 7.2.1~dev1-3.13.3
- (no CPE)range: < 7.4.2~dev31-4.24.3
- (no CPE)range: < 7.4.2~dev31-4.24.3
- (no CPE)range: < 2.8.2~dev5-3.9.3
- (no CPE)range: < 2.8.2~dev5-3.9.3
- (no CPE)range: < 13.0.8~dev68-3.25.3
- (no CPE)range: < 13.0.8~dev68-3.25.3
- (no CPE)range: < 2.0.1~dev167-3.3.3
- (no CPE)range: < 2.0.1~dev167-3.3.3
- (no CPE)range: < 18.3.1~dev38-3.25.4
- (no CPE)range: < 18.3.1~dev38-3.25.4
- (no CPE)range: < 0.1.4-7.12.3
- (no CPE)range: < 0.1.4-7.12.3
- (no CPE)range: < 3.2.3~dev7-3.25.3
- (no CPE)range: < 3.2.3~dev7-3.25.3
- (no CPE)range: < 1.0+git.1569436425.8b9c49f-5.3.2
- (no CPE)range: < 1.0+git.1569436425.8b9c49f-5.3.2
- (no CPE)range: < 0.0.3-9.3.2
- (no CPE)range: < 1.11.29-3.15.2
- (no CPE)range: < 1.11.29-3.15.2
- (no CPE)range: < 1.16.3-3.3.3
- (no CPE)range: < 1.16.3-3.3.3
- (no CPE)range: < 0.2.0-3.3.2
- (no CPE)range: < 0.2.0-3.3.2
- (no CPE)range: < 0.2.0-3.3.2
- (no CPE)range: < 0.2.0-3.3.2
- (no CPE)range: < 2.5.10-3.12.3
- (no CPE)range: < 2.5.10-3.12.3
- (no CPE)range: < 8.1.4-3.6.2
- (no CPE)range: < 8.1.4-3.6.2
- (no CPE)range: < 5.2.0-3.3.2
- (no CPE)range: < 5.2.0-3.3.2
- (no CPE)range: < 0.5.2-4.3.2
- (no CPE)range: < 0.5.2-4.3.2
- (no CPE)range: < 1.23-3.12.2
- (no CPE)range: < 1.23-3.12.2
- (no CPE)range: < 1.4.3-3.3.1
- (no CPE)range: < 1.4.3-3.3.1
- (no CPE)range: < 9.20200610-3.21.4
- (no CPE)range: < 9.20200610-3.21.4
- (no CPE)range: < 4.0.0-4.3.1
- (no CPE)range: < 1.7.7-4.3.1
- (no CPE)range: < 2.16.0-4.9.1
- (no CPE)range: < 7.0.1~dev24-3.19.3
- (no CPE)range: < 13.0.10~dev12-3.19.2
- (no CPE)range: < 7.0.2~dev2-3.19.2
- (no CPE)range: < 17.0.1~dev30-3.17.2
- (no CPE)range: < 11.0.3~dev35-3.19.2
- (no CPE)range: < 14.1.1~dev6-4.18.3
- (no CPE)range: < 11.1.5~dev6-4.15.2
- (no CPE)range: < 14.2.1~dev4-3.19.2
- (no CPE)range: < 7.2.1~dev1-4.19.2
- (no CPE)range: < 7.4.2~dev31-3.21.2
- (no CPE)range: < 1.8.2~dev3-3.19.2
- (no CPE)range: < 2.7.1~dev10-3.17.3
- (no CPE)range: < 13.0.8~dev68-6.19.2
- (no CPE)range: < 18.3.1~dev38-3.19.3
- (no CPE)range: < 3.2.3~dev7-4.19.2
- (no CPE)range: < 9.0.2~dev15-3.19.2
- (no CPE)range: < 2.19.2~dev48-2.14.2
Patches
Vulnerability mechanics
References
10- github.com/advisories/GHSA-v3m2-pg96-w33mghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-10755ghsaADVISORY
- usn.ubuntu.com/4420-1/mitrevendor-advisoryx_refsource_UBUNTU
- bugs.launchpad.net/cinder/+bug/1823200ghsaWEB
- bugzilla.redhat.com/show_bug.cgighsax_refsource_CONFIRMWEB
- github.com/openstack/cinder/commit/ba785eef5f515b869c0d68016e84bb74f76ab45eghsaWEB
- github.com/openstack/os-brick/commit/4047948f1ac8055a025972ad73ec3ec421450775ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/cinder/PYSEC-2020-228.yamlghsaWEB
- usn.ubuntu.com/4420-1ghsaWEB
- wiki.openstack.org/wiki/OSSN/OSSN-0086ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.