CVE-2022-0670
ceph: user/tenant can obtain access (read/write) to any share
Public Exploits: 0
Exploited in Wild: -
Descriptions
A flaw was found in OpenStack Manila owning a Ceph File system "share", which enables the owner to read/write any Manila share or the entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2.
A flaw was found in OpenStack Manila owning a Ceph File system "share", which allows the owner to read/write any Manila share or the entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise the Confidentiality and Integrity of a file system. Fixed in RHCS version 5.2 and Ceph version 17.2.2.
A flaw was found in OpenStack Manila, where owning a Ceph File system "share" enables the owner to read/write any Manila share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This flaw allows an attacker to compromise the confidentiality and integrity of a file system.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2022-02-17 CVE Reserved
- 2022-07-25 CVE Published
- 2024-02-15 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-863: Incorrect Authorization
CAPEC
References (5)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linuxfoundation | Ceph | >= 15.0.0 < 15.2.17 | - | Affected |
Linuxfoundation | Ceph | >= 16.0.0 < 16.2.10 | - | Affected |
Linuxfoundation | Ceph | >= 17.0.0 < 17.2.2 | - | Affected |
Redhat | Ceph Storage | < 5.2 | - | Affected |
Fedoraproject | Fedora | 35 | - | Affected |
Fedoraproject | Fedora | 36 | - | Affected |