{"id":"PYSEC-2020-63","details":"OpenStack Manila \u003c7.4.1, \u003e=8.0.0 \u003c8.1.1, and \u003e=9.0.0 \u003c9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks.","aliases":["CVE-2020-9543","GHSA-jx7v-gmqc-6xrj"],"modified":"2024-04-29T10:41:28.463750Z","published":"2020-03-12T17:15:00Z","references":[{"type":"WEB","url":"https://bugs.launchpad.net/manila/+bug/1861485"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2020/03/12/1"},{"type":"WEB","url":"https://security.openstack.org/ossa/OSSA-2020-002.html"}],"affected":[{"package":{"name":"manila","ecosystem":"PyPI","purl":"pkg:pypi/manila"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.4.1"},{"introduced":"8.0.0"},{"fixed":"8.1.1"},{"introduced":"9.0.0"},{"fixed":"9.1.1"}]}],"versions":["4.0.2","5.0.2","5.0.3","5.1.0","6.1.0","6.2.0","6.3.0","6.3.1","6.3.2","7.0.0","7.1.0","7.2.0","7.3.0","7.4.0","8.0.0","8.0.1","8.1.0","9.0.0","9.1.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/manila/PYSEC-2020-63.yaml"}}],"schema_version":"1.7.3"}