Bug 2155652 (CVE-2022-38065)

Summary: CVE-2022-38065 oslo-privsep: privilege escalation vulnerability
Product: [Other] Security Response
Reporter: Anten Skrabec <askrabec>
Component: vulnerability
Assignee: Nobody <nobody>
Status: NEW ---
QA Contact:
Severity: high
Docs Contact:
Priority: high
Version: unspecified
CC: eglynn, hberaud, jjoyce, jschluet, lhh, mburns, mgarciac, rhos-maint, slinaber, smooney, spower, tvignaud
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A privilege escalation flaw was found in the oslo-privsep functionality in OpenStack. Overly permissive functionality in the tools leveraging this library within a container can lead to increased privileges.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 2155888, 2155889, 2155890, 2155891, 2155892
Bug Blocks: 2155601

Description Anten Skrabec 2022-12-21 18:21:51 UTC
A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack. Overly permissive functionality within tools leveraging this library within a container can lead to increased privileges.

Comment 2 Lon Hohberger 2022-12-21 20:59:21 UTC
The commit noted, 05194e7618, does not exist in os-brick, nova, or oslo.privsep

Comment 4 Anten Skrabec 2022-12-22 18:54:31 UTC
Created python-oslo-privsep tracking bugs for this issue:

Affects: openstack-rdo [bug 2155888]