{"id":"CVE-2020-9543","details":"OpenStack Manila \u003c7.4.1, \u003e=8.0.0 \u003c8.1.1, and \u003e=9.0.0 \u003c9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks.","aliases":["GHSA-jx7v-gmqc-6xrj","PYSEC-2020-63"],"modified":"2026-03-20T11:38:05.169780Z","published":"2020-03-12T17:15:11.077Z","related":["SUSE-SU-2020:0659-1","SUSE-SU-2020:0660-1","SUSE-SU-2020:1066-1","SUSE-SU-2020:1190-1"],"references":[{"type":"REPORT","url":"https://bugs.launchpad.net/manila/+bug/1861485"},{"type":"FIX","url":"https://security.openstack.org/ossa/OSSA-2020-002.html"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2020/03/12/1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openstack/manila","events":[{"introduced":"0"},{"fixed":"d16b5f0ea41419bdf4eb4e66ce4551571ee6acec"},{"introduced":"54bce0a9ca07952cd97cd2bc8641f81ab2c49af5"},{"fixed":"7943ac4fb062a8e86bd63a01f90be5bb67523a46"},{"introduced":"dd86685cd962dad6b99be27444422d80dc7bf8a3"},{"fixed":"02fd716bf83849873f0bccb78b851196e6acf2b7"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"7.4.1"},{"introduced":"8.0.0"},{"fixed":"8.1.1"},{"introduced":"9.0.0"},{"fixed":"9.1.1"}]}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-9543.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"}]}