5.5
CVE-2022-44020
- EPSS 0.1%
- Veröffentlicht 30.10.2022 00:15:10
- Zuletzt bearbeitet 07.05.2025 14:15:38
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginAn issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Opendev ≫ Sushy-tools SwPlatformopenstack Version < 0.21.1
Opendev ≫ Virtualbmc SwPlatformopenstack Version < 3.0.0
Fedoraproject ≫ Fedora Version35
Fedoraproject ≫ Fedora Version36
Fedoraproject ≫ Fedora Version37
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.271 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
CWE-281 Improper Preservation of Permissions
The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.