CVE-2022-0670

A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
VendorProductVersion
linuxfoundationceph
15.0.0 ≤
𝑥
< 15.2.17
linuxfoundationceph
16.0.0 ≤
𝑥
< 16.2.10
linuxfoundationceph
17.0.0 ≤
𝑥
< 17.2.2
redhatceph_storage
𝑥
< 5.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ceph
bullseye
no-dsa
buster
not-affected
bookworm
16.2.11+ds-2
fixed
sid
18.2.4+ds-7
fixed
trixie
18.2.4+ds-7
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ceph
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
Fixed 17.2.5-0ubuntu0.22.10.3
released
jammy
Fixed 17.2.5-0ubuntu0.22.04.3
released
focal
Fixed 15.2.17-0ubuntu0.20.04.3
released
bionic
not-affected
xenial
needs-triage
trusty
needs-triage
Common Weakness Enumeration
References
https://ceph.io/en/news/blog/2022/v17-2-2-quincy-released/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5O3XMDFZWA2FWU6GAYOVSFJPOUTXN42N/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TIRTTRG5O4YP2TNGDCDOHIHP2DM3DFBT/
https://ceph.io/en/news/blog/2022/v17-2-2-quincy-released/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5O3XMDFZWA2FWU6GAYOVSFJPOUTXN42N/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TIRTTRG5O4YP2TNGDCDOHIHP2DM3DFBT/