A critical vulnerability has been found in device-mapper-multipath which may allow authorization bypass

Details on this can be found here: https://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txt

The vulnerability only affects hosts that are running multipathd services and allow users to run their own code (shared login services or worker nodes).

The SVG advisory is available on this link: https://advisories.egi.eu/Advisory-SVG-CVE-2022-41974