An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| sushy-tools(PyPI) | 0 | 0.21.1 | N/A |
| virtualbmc(PyPI) | 0 | 3.0.0 | N/A |
CVSS Metrics
