CVE-2022-0670

Name
CVE-2022-0670
Description
A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2.
NVD Severity
high
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://ceph.io/en/news/blog/2022/v17-2-2-quincy-released/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5O3XMDFZWA2FWU6GAYOVSFJPOUTXN42N/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRTTRG5O4YP2TNGDCDOHIHP2DM3DFBT/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5O3XMDFZWA2FWU6GAYOVSFJPOUTXN42N/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TIRTTRG5O4YP2TNGDCDOHIHP2DM3DFBT/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:ceph:ceph:*:*:*:*:*:*:*:* ceph >= None < 17.2.2
cpe:2.3:a:linuxfoundation:ceph:*:*:*:*:*:*:*:* ceph >= 15.0.0 < 15.2.17
cpe:2.3:a:linuxfoundation:ceph:*:*:*:*:*:*:*:* ceph >= 16.0.0 < 16.2.10
cpe:2.3:a:linuxfoundation:ceph:*:*:*:*:*:*:*:* ceph >= 17.0.0 < 17.2.2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
ceph 3.16-community 16.2.10-r1 Duncan Bellamy <dunk@denkimushi.com> possibly vulnerable