cvedb.io
CVE-2022-44020
MEDIUM · CVSS 5.5
EPSS exploitation probability: 0%
Published 2022-10-30T00:15:10.130 · Last modified 2026-06-17T05:07:40.847

Summary

An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."

Affected products

opendev — sushy-tools

Does this affect you?

Add your gear to cvedb and we'll alert you only when opendev ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.