Description
A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality.
A flaw was found in Ceph-ansible where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality.
Statement
Red Hat OpenStack Platform 13 ships the flawed code; however, RHOSP does not deploy the ceph-iscsi-gw role in any supported scenario. For this reason, a ceph-ansible update will not be provided at this time. Red Hat Ceph Storage 3 and 4 create /etc/ceph/iscsi-gateway.conf with the insecure permissions.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Ceph Storage 2 | ceph-ansible | Out of support scope | ||
| Red Hat Ceph Storage 3 | ceph-ansible | Affected | ||
| Red Hat OpenStack Platform 13 (Queens) | ceph-ansible | Will not fix | ||
| Red Hat Ceph Storage 4.2 | ceph-ansible | Fixed | RHSA-2021:0081 | 12.01.2021 |
| Red Hat OpenShift Container Storage 4.6.0 on RHEL-8 | ocs4/cephcsi-rhel8 | Fixed | RHBA-2021:0305 | 01.02.2021 |
| Red Hat OpenShift Container Storage 4.6.0 on RHEL-8 | ocs4/mcg-core-rhel8 | Fixed | RHBA-2021:0305 | 01.02.2021 |
| Red Hat OpenShift Container Storage 4.6.0 on RHEL-8 | ocs4/mcg-rhel8-operator | Fixed | RHBA-2021:0305 | 01.02.2021 |
| Red Hat OpenShift Container Storage 4.6.0 on RHEL-8 | ocs4/ocs-must-gather-rhel8 | Fixed | RHBA-2021:0305 | 01.02.2021 |
| Red Hat OpenShift Container Storage 4.6.0 on RHEL-8 | ocs4/ocs-operator-bundle | Fixed | RHBA-2021:0305 | 01.02.2021 |
| Red Hat OpenShift Container Storage 4.6.0 on RHEL-8 | ocs4/ocs-rhel8-operator | Fixed | RHBA-2021:0305 | 01.02.2021 |
Additional information
Status:
EPSS
CVSS3: 5.5 Medium
Related vulnerabilities
A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality.
Ceph-ansible 4.0.34.1 creates /etc/ceph/iscsi-gateway.conf with insecure default permissions, allowing any user to read the sensitive information within.