QwikSec

Security Database

CVE

CWE

Training

CVE-2022-44020

Published: Oct 29, 2022

Modified: May 7, 2025

PUBLISHED

Description

An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://storyboard.openstack.org/#%21/story/2010382

https://review.opendev.org/c/openstack/virtualbmc/+/862620

https://review.opendev.org/c/openstack/sushy-tools/+/862625

FEDORA-2022-471e14677d

vendor-advisory

FEDORA-2022-72b8efd577

vendor-advisory

FEDORA-2022-42723b43fe

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.