Nonce Reuse Vulnerability in Red Hat Ceph Storage and Openshift Container Storage
CVE-2020-1759

6.4MEDIUM

Key Information:

Vendor

The Ceph Project

Status
Ceph
Vendor
CVE Published:
13 April 2020

What is CVE-2020-1759?

A nonce reuse vulnerability has been identified in the secure mode of the messenger v2 protocol utilized by Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2. This security flaw enables an attacker to exploit the reuse of nonce values within a single session, potentially allowing them to forge authentication tags. As a result, messages that rely on reused nonce values are at risk for significant breaches in data confidentiality and integrity, leading to unauthorized data manipulation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ceph Red Hat Ceph Storage 4

ceph Red Hat Openshift Container Storage 4.2

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1759
x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA
https://security.gentoo.org/glsa/202105-39
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.