Описание
Important: Rocky Enterprise Software Foundation Ceph Storage 4.1 security, bug fix, and enhancement update
Rocky Enterprise Software Foundation Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
Security Fix(es):
- ceph-ansible: hard coded credential in ceph-ansible playbook (CVE-2020-1716)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information refer to the CVE page(s) listed in the References section.
Bug Fix(es) and Enhancement(s):
For detailed information on changes in this release, see the Rocky Enterprise Software Foundation Ceph Storage 4.1 Release Notes available at:
https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/4.1/html/release_notes/index
Затронутые продукты
Rocky Linux 8
Связанные CVE
Исправления
- Red Hat - 1274084
- Red Hat - 1553202
- Red Hat - 1581421
- Red Hat - 1625951
- Red Hat - 1639817
- Red Hat - 1656512
- Red Hat - 1658491
- Red Hat - 1665683
- Red Hat - 1678701
- Red Hat - 1679924
- Red Hat - 1687971
- Red Hat - 1716815
- Red Hat - 1716972
- Red Hat - 1719446
- Red Hat - 1724428
- Red Hat - 1731148
- Red Hat - 1731554
- Red Hat - 1734583
- Red Hat - 1738334
- Red Hat - 1741677
Связанные уязвимости
A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. Any authenticated attacker can abuse this flaw to brute-force Ceph deployments, and gain administrator access to Ceph clusters via the Ceph dashboard to initiate read, write, and delete Ceph clusters and also modify Ceph cluster configurations. Versions before ceph-ansible 6.0.0alpha1 are affected.
A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. Any authenticated attacker can abuse this flaw to brute-force Ceph deployments, and gain administrator access to Ceph clusters via the Ceph dashboard to initiate read, write, and delete Ceph clusters and also modify Ceph cluster configurations. Versions before ceph-ansible 6.0.0alpha1 are affected.
A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. Any authenticated attacker can abuse this flaw to brute-force Ceph deployments, and gain administrator access to Ceph clusters via the Ceph dashboard to initiate read, write, and delete Ceph clusters and also modify Ceph cluster configurations. Versions before ceph-ansible 6.0.0alpha1 are affected.