CVE-2022-3650Placement of User into Incorrect Group in Redhat Ceph

CWE-842Placement of User into Incorrect GroupCWE-130Improper Handling of Length Parameter Inconsistency11 documents9 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 92.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Ceph
Timeline
PublishedJan 17
Latest updateAug 16

Description

A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5redhat/cephunknown
NVDredhat/ceph16.2.9

🔴Vulnerability Details

4
OSV
ceph vulnerabilities2023-05-09
OSV
CVE-2022-3650: A privilege escalation flaw was found in Ceph2023-01-17
GHSA
GHSA-4mjm-gg3q-674f: A privilege escalation flaw was found in Ceph2023-01-17
CVEList
CVE-2022-3650: A privilege escalation flaw was found in Ceph2023-01-17

📋Vendor Advisories

6
Ubuntu
Ceph vulnerability2023-08-16
Ubuntu
Ceph vulnerabilities2023-05-09
Microsoft
A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump and dump privileged information.2023-01-10
Red Hat
Ceph: ceph-crash.service allows local ceph user to root exploit2022-10-25
Cisco
Cisco IOS XE Software for Catalyst Switches MPLS Denial of Service Vulnerability2022-09-28
CVE-2022-3650 — Placement of User into Incorrect Group | cvebase