Описание
A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2.
A flaw was found in OpenStack Manila, where owning a Ceph File system "share" enables the owner to read/write any Manila share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This flaw allows an attacker to compromise the confidentiality and integrity of a file system.
Отчет
Red Hat OpenStack Platform deployments use the Ceph package directly from the Ceph channel; the RHOSP package will not be updated at this time.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ceph Storage 2 | ceph | Out of support scope | ||
| Red Hat Ceph Storage 3 | ceph | Out of support scope | ||
| Red Hat Ceph Storage 4 | ceph | Will not fix | ||
| Red Hat Enterprise Linux 7 | ceph-common | Out of support scope | ||
| Red Hat Enterprise Linux 8 | ceph | Not affected | ||
| Red Hat Enterprise Linux 9 | ceph | Not affected | ||
| Red Hat Openshift Data Foundation 4 | ceph | Will not fix | ||
| Red Hat OpenStack Platform 13 (Queens) | ceph | Will not fix | ||
| Red Hat Ceph Storage 5.2 | ceph | Fixed | RHSA-2022:5997 | 09.08.2022 |
Показывать по
Дополнительная информация
Статус:
8.1 High
CVSS3
Связанные уязвимости
A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2.
A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2.
A flaw was found in Openstack manilla owning a Ceph File system "share ...
A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2.
8.1 High
CVSS3