Vulnerability Details CVE-2022-44020
An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.3%
CVSS Severity
CVSS v3 Score 5.5
References
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GAD7QJIUWPCKJIGYP7PPHH5DILOEONFE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEQVJF3OQGSDCSQTQQSC54JEGLMSNB4Q/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMSUGS4B6EBRHBJMTRXL5RIKJTZTEMJC/
- https://review.opendev.org/c/openstack/sushy-tools/+/862625
- https://review.opendev.org/c/openstack/virtualbmc/+/862620
- https://storyboard.openstack.org/#%21/story/2010382
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GAD7QJIUWPCKJIGYP7PPHH5DILOEONFE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEQVJF3OQGSDCSQTQQSC54JEGLMSNB4Q/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMSUGS4B6EBRHBJMTRXL5RIKJTZTEMJC/
- https://review.opendev.org/c/openstack/sushy-tools/+/862625
- https://review.opendev.org/c/openstack/virtualbmc/+/862620
- https://storyboard.openstack.org/#%21/story/2010382
Products affected by CVE-2022-44020
-
cpe:2.3:a:opendev:sushy-tools:-
-
cpe:2.3:a:opendev:sushy-tools:0.1.0
-
cpe:2.3:a:opendev:sushy-tools:0.10.0
-
cpe:2.3:a:opendev:sushy-tools:0.11.0
-
cpe:2.3:a:opendev:sushy-tools:0.11.1
-
cpe:2.3:a:opendev:sushy-tools:0.12.0
-
cpe:2.3:a:opendev:sushy-tools:0.12.1
-
cpe:2.3:a:opendev:sushy-tools:0.13.0
-
cpe:2.3:a:opendev:sushy-tools:0.14.0
-
cpe:2.3:a:opendev:sushy-tools:0.15.0
-
cpe:2.3:a:opendev:sushy-tools:0.16.0
-
cpe:2.3:a:opendev:sushy-tools:0.17.0
-
cpe:2.3:a:opendev:sushy-tools:0.18.0
-
cpe:2.3:a:opendev:sushy-tools:0.18.1
-
cpe:2.3:a:opendev:sushy-tools:0.18.2
-
cpe:2.3:a:opendev:sushy-tools:0.19.0
-
cpe:2.3:a:opendev:sushy-tools:0.2.0
-
cpe:2.3:a:opendev:sushy-tools:0.20.0
-
cpe:2.3:a:opendev:sushy-tools:0.21.0
-
cpe:2.3:a:opendev:sushy-tools:0.3.0
-
cpe:2.3:a:opendev:sushy-tools:0.4.0
-
cpe:2.3:a:opendev:sushy-tools:0.5.0
-
cpe:2.3:a:opendev:sushy-tools:0.6.0
-
cpe:2.3:a:opendev:sushy-tools:0.7.0
-
cpe:2.3:a:opendev:sushy-tools:0.8.0
-
cpe:2.3:a:opendev:sushy-tools:0.9.0
-
cpe:2.3:a:opendev:virtualbmc:0.1.0
-
cpe:2.3:a:opendev:virtualbmc:1.0.0
-
cpe:2.3:a:opendev:virtualbmc:1.1.0
-
cpe:2.3:a:opendev:virtualbmc:1.2.0
-
cpe:2.3:a:opendev:virtualbmc:1.3.0
-
cpe:2.3:a:opendev:virtualbmc:1.4.0
-
cpe:2.3:a:opendev:virtualbmc:1.5.0
-
cpe:2.3:a:opendev:virtualbmc:1.6.0
-
cpe:2.3:a:opendev:virtualbmc:2.0.0
-
cpe:2.3:a:opendev:virtualbmc:2.1.0
-
cpe:2.3:a:opendev:virtualbmc:2.2.0
-
cpe:2.3:a:opendev:virtualbmc:2.2.1
-
cpe:2.3:a:opendev:virtualbmc:2.2.2
-
cpe:2.3:o:fedoraproject:fedora:35
-
cpe:2.3:o:fedoraproject:fedora:36
-
cpe:2.3:o:fedoraproject:fedora:37