Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
In OpenStack Cyborg before 16.0.1, the Accelerator Request (ARQ) API does not enforce project ownership at any layer. The project_id column in the database is never populated (NULL for every ARQ), database queries have no project filtering, and policy checks are self-referential (the authorize_wsgi decorator compares the caller's project_id with itself rather than the target resource). Any authenticated non-admin user can complete various actions such as deleting ARQs bound to other projects' instances, aka cross-tenant denial of service.
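The self-referential policy check described above, next to a version that enforces ownership at the creation, query and policy layers. This is an added, simplified model, not Cyborg's code or its fix: `Context`, `ARQ`, `owner_rule` and the function names are hypothetical, and a dict stands in for the database.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Context:                      # hypothetical stand-in for a request context
    user_id: str
    project_id: str
    is_admin: bool = False


@dataclass
class ARQ:                          # hypothetical, simplified ARQ row
    uuid: str
    instance_uuid: str
    project_id: Optional[str] = None    # None models the never-populated column


def owner_rule(ctx: Context, target: dict) -> bool:
    # "admin or owner": the caller's project must match the target's project.
    return ctx.is_admin or ctx.project_id == target.get("project_id")


def delete_self_referential(ctx: Context, db: dict, uuid: str) -> bool:
    # Flawed pattern: the policy target is built from the caller, so the rule
    # compares ctx.project_id with itself and passes for every caller.
    target = {"project_id": ctx.project_id}
    if not owner_rule(ctx, target):
        return False
    return db.pop(uuid, None) is not None   # lookup has no project filter


def create_owned(ctx: Context, db: dict, uuid: str, instance_uuid: str) -> ARQ:
    # Ownership is recorded at creation so later checks have a real target.
    db[uuid] = ARQ(uuid, instance_uuid, project_id=ctx.project_id)
    return db[uuid]


def delete_enforced(ctx: Context, db: dict, uuid: str) -> bool:
    arq = db.get(uuid)
    # Query-layer scoping: a non-admin only sees rows of its own project, and
    # a row with no owner never matches (fails closed on legacy rows).
    if arq is None or not (ctx.is_admin or arq.project_id == ctx.project_id):
        return False
    # Policy-layer check against the stored resource, not the caller.
    if not owner_rule(ctx, {"project_id": arq.project_id}):
        return False
    del db[uuid]
    return True
```
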
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
Improper Ownership Management
Vulnerability Title
OpenStack Cyborg Security Vulnerability
Vulnerability Description
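OpenStack Cyborg is an open-source OpenStack service component for accelerator resource management and scheduling. OpenStack Cyborg versions before 16.0.1 contain a security vulnerability that stems from the Accelerator Request API not enforcing project ownership, which may allow an authenticated user to delete ARQs bound to other projects' instances.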
CVSS Information
N/A
Vulnerability Type
N/A