CVE-2022-0670

CVE-2022-0670

Name

CVE-2022-0670

Description

A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://ceph.io/en/news/blog/2022/v17-2-2-quincy-released/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5O3XMDFZWA2FWU6GAYOVSFJPOUTXN42N/
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRTTRG5O4YP2TNGDCDOHIHP2DM3DFBT/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5O3XMDFZWA2FWU6GAYOVSFJPOUTXN42N/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TIRTTRG5O4YP2TNGDCDOHIHP2DM3DFBT/

Type

URI

MISC

https://ceph.io/en/news/blog/2022/v17-2-2-quincy-released/

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5O3XMDFZWA2FWU6GAYOVSFJPOUTXN42N/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRTTRG5O4YP2TNGDCDOHIHP2DM3DFBT/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5O3XMDFZWA2FWU6GAYOVSFJPOUTXN42N/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TIRTTRG5O4YP2TNGDCDOHIHP2DM3DFBT/

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:ceph:ceph::::::::`	ceph	>= None	< 17.2.2
`cpe:2.3:a:linuxfoundation:ceph::::::::`	ceph	>= 15.0.0	< 15.2.17
`cpe:2.3:a:linuxfoundation:ceph::::::::`	ceph	>= 16.0.0	< 16.2.10
`cpe:2.3:a:linuxfoundation:ceph::::::::`	ceph	>= 17.0.0	< 17.2.2

CPE URI

Source package

Min version

Max version

cpe:2.3:a:ceph:ceph:*:*:*:*:*:*:*:*

ceph

>= None

< 17.2.2

cpe:2.3:a:linuxfoundation:ceph:*:*:*:*:*:*:*:*

ceph

>= 15.0.0

< 15.2.17

cpe:2.3:a:linuxfoundation:ceph:*:*:*:*:*:*:*:*

ceph

>= 16.0.0

< 16.2.10

cpe:2.3:a:linuxfoundation:ceph:*:*:*:*:*:*:*:*

ceph

>= 17.0.0

< 17.2.2

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
ceph16	edge-community	16.2.10-r0	None	fixed
ceph16	3.18-community	16.2.10-r0	None	fixed
ceph16	3.17-community	16.2.10-r0	None	fixed
ceph	edge-community	16.2.10-r7	Duncan Bellamy <dunk@denkimushi.com>	fixed
ceph	edge-community	16.2.10-r0	Duncan Bellamy <dunk@denkimushi.com>	fixed
ceph	edge-community	16.2.4-r0	Duncan Bellamy <dunk@denkimushi.com>	possibly vulnerable
ceph	edge-community	16.2.3-r0	Duncan Bellamy <dunk@denkimushi.com>	possibly vulnerable
ceph	edge-community	15.2.8-r0	None	possibly vulnerable
ceph	edge-community	15.2.6-r0	None	possibly vulnerable
ceph	edge-community	14.2.9-r0	None	possibly vulnerable
ceph	edge-community	14.2.7-r0	None	possibly vulnerable
ceph	edge-community	14.2.3-r0	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

ceph16

edge-community

16.2.10-r0

None

fixed

ceph16

3.18-community