OpenStack Manila Vulnerability in Ceph File System
CVE-2022-0670

9.1CRITICAL

Key Information:

Vendor: Linux
Status: Ceph
Vendor: CVE Published:; 25 July 2022

What is CVE-2022-0670?

A vulnerability exists in OpenStack Manila's management of Ceph file systems, allowing an owner to gain unauthorized read and write access to any Manila share or entire file system. This issue stems from a bug in the Ceph Manager's 'volumes' plugin, compromising both the confidentiality and integrity of the affected file systems. The vulnerability has been resolved in Ceph versions 17.2.2 and RHCS 5.2.

Affected Version(s)

Ceph Ceph v 17.2.2

References

https://ceph.io/en/news/blog/2022/v17-2-2-quincy-released/

x_refsource_MISC

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2022
Vulnerability Reserved
Feb 17, 2022

Linux

What is CVE-2022-0670?

Affected Version(s)

References

CVSS V3.1

Timeline