exploitDog

CVE-2022-3650

Published: 25 Oct 2022
Source: redhat
CVSS3: 8.8

Description

A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information. This issue can lead to loss of confidentiality, integrity, and availability.

Report

By sending a specially-crafted request, a locally authenticated attacker could exploit this vulnerability to gain elevated privileges as root. Access to Redhat Openshift Data Foundation container is very limited. Hence, the per-product impact for Red Hat Openshift Data Foundation is set to Moderate.

Affected packages

| Platform | Package | Status | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Ceph Storage 3 | ceph | Affected | | |
| Red Hat Ceph Storage 4 | ceph | Affected | | |
| Red Hat Enterprise Linux 8 | ceph | Not affected | | |
| Red Hat Enterprise Linux 9 | ceph | Not affected | | |
| Red Hat Openshift Container Storage 4 | ceph | Out of support scope | | |
| Red Hat Openshift Data Foundation 4 | ceph | Affected | | |
| Red Hat OpenStack Platform 13 (Queens) | ceph | Not affected | | |
| Red Hat Ceph Storage 5.3 | ceph | Fixed | RHSA-2023:0980 | 28.02.2023 |

Additional information

Status: Important
Defect: CWE-842
https://bugzilla.redhat.com/show_bug.cgi?id=2136909 Ceph: ceph-crash.service allows local ceph user to root exploit

CVSS3: 8.8 High

Related vulnerabilities

CVSS3: 7.8
ubuntu
about 3 years ago

A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information.

CVSS3: 7.8
nvd
about 3 years ago

A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information.

CVSS3: 7.8
msrc
about 1 year ago

No description available

CVSS3: 7.8
debian
about 3 years ago

A privilege escalation flaw was found in Ceph. Ceph-crash.service allo ...

CVSS3: 7.8
github
about 3 years ago

A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information.
