Moderate severity · NVD Advisory · Published Oct 29, 2022 · Updated May 7, 2025
CVE-2022-44020
Description
An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| sushy-tools (PyPI) | < 0.21.1 | 0.21.1 |
| virtualbmc (PyPI) | < 3.0.0 | 3.0.0 |
Affected products
- OpenStack/Sushy-Tools (source: description)
- GHSA coordinates (2 versions):
  - (no CPE) range: < 0.21.1
  - (no CPE) range: < 3.0.0
References
- github.com/advisories/GHSA-5pj3-6fqm-8m7m (ghsa, ADVISORY)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GAD7QJIUWPCKJIGYP7PPHH5DILOEONFE/ (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEQVJF3OQGSDCSQTQQSC54JEGLMSNB4Q/ (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMSUGS4B6EBRHBJMTRXL5RIKJTZTEMJC/ (mitre, vendor-advisory)
- nvd.nist.gov/vuln/detail/CVE-2022-44020 (ghsa, ADVISORY)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GAD7QJIUWPCKJIGYP7PPHH5DILOEONFE (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEQVJF3OQGSDCSQTQQSC54JEGLMSNB4Q (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMSUGS4B6EBRHBJMTRXL5RIKJTZTEMJC (ghsa, WEB)
- review.opendev.org/c/openstack/sushy-tools/+/862625 (ghsa, WEB)
- review.opendev.org/c/openstack/virtualbmc/+/862620 (ghsa, WEB)
- storyboard.openstack.org (ghsa, WEB)
- storyboard.openstack.org (mitre)