CVE-2020-27781
Severity
7.1 HIGH
EPSS
0.1%
top 78.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Dec 18
Latest update: May 24
Description
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An OpenStack Manila user can request access to a share for an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. This can be done to even "admin" users, …
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Exploitability: 1.8 | Impact: 5.2
Affected Packages: 6 packages
Also affects: Fedora 33, Openshift Container Platform 4.0
Vulnerability Details (5)
GHSA
GHSA-mh9p-7vgq-83jw: User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation (2022-05-24)
OSV
CVE-2020-27781: User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation (2020-12-18)
CVEList
CVE-2020-27781: User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation (2020-12-18)