A vulnerability has been reported in OpenStack concerning an inconsistency between Cinder and Nova, CVE-2023-2088. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is on confidentiality. This affects installations with iSCSI or FC-based volumes.

Details are available in this SVG advisory.