CVE-2022-0670 — Incorrect Authorization in Ceph
Severity
9.1CRITICALNVD
OSV6.5
EPSS
0.2%
top 55.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 25
Latest updateMay 9
Description
A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2
Affected Packages3 packages
Also affects: Fedora 35, 36
🔴Vulnerability Details
4GHSA▶
GHSA-g5mr-95rv-q4hc: A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system↗2022-07-26
CVEList▶
CVE-2022-0670: A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system↗2022-07-25
OSV▶
CVE-2022-0670: A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system↗2022-07-25
📋Vendor Advisories
4Microsoft▶
A flaw was found in Openstack manilla owning a Ceph File system "share" which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes↗2022-07-12
Debian▶
CVE-2022-0670: ceph - A flaw was found in Openstack manilla owning a Ceph File system "share", which e...↗2022