CVE-2022-44020

CVE Database · CVE-2022-44020

CVE-2022-44020

· MEDIUMModified

CVSS v3.1

5.5

EPSS

0.22%

Published

Oct 29, 2022

Modified

May 7, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Weaknesses (CWE)

CWE-281CWE-281

Affected Products (5)

opendev · sushy-tools (up to 0.21.1)vulnerable

opendev · virtualbmc (up to 3.0.0)vulnerable

fedoraproject · fedoravulnerable

References (12)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GAD7QJIUWPCKJIGYP7PPHH5DILOEONFE/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEQVJF3OQGSDCSQTQQSC54JEGLMSNB4Q/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMSUGS4B6EBRHBJMTRXL5RIKJTZTEMJC/