Candidate: CVE-2020-9543
CRD: 2020-03-10 15:00:00 UTC
PublicDate: 2020-03-12 17:15:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9543
Description:
 OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows
 attackers to view, update, delete, or share resources that do not belong to
 them, because of a context-free lookup of a UUID. Attackers may also create
 resources, such as shared file systems and groups of shares on such share
 networks.
Ubuntu-Description: 
Notes: 
Mitigation: 
Bugs: 
 https://bugs.launchpad.net/manila/+bug/1861485
Priority: medium
Discovered-by:
Assigned-to: 
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L [8.3 HIGH]


Patches_manila:
upstream_manila: released (1:9.0.0-5)
precise/esm_manila: DNE
trusty_manila: ignored (out of standard support)
trusty/esm_manila: DNE
xenial_manila: ignored (end of standard support, was needed)
bionic_manila: needed
eoan_manila: ignored (reached end-of-life)
focal_manila: not-affected (1:10.0.0~b3~git2020032516.cb016333-0ubuntu1)
groovy_manila: not-affected (1:10.0.0~b3~git2020032516.cb016333-0ubuntu1)
hirsute_manila: not-affected (1:10.0.0~b3~git2020032516.cb016333-0ubuntu1)
impish_manila: not-affected (1:10.0.0~b3~git2020032516.cb016333-0ubuntu1)
jammy_manila: not-affected (1:10.0.0~b3~git2020032516.cb016333-0ubuntu1)
devel_manila: not-affected (1:10.0.0~b3~git2020032516.cb016333-0ubuntu1)