3.6 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:P/A:N
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
0.0004 Low
EPSS
Percentile
15.8%
User credentials can be manipulated and stolen by Native CephFS consumers
of OpenStack Manila, resulting in potential privilege escalation. An Open
Stack Manila user can request access to a share to an arbitrary cephx user,
including existing users. The access key is retrieved via the interface
drivers. Then, all users of the requesting OpenStack project can view the
access key. This enables the attacker to target any resource that the user
has access to. This can be done to even “admin” users, compromising the
ceph administrator. This flaw affects Ceph versions prior to 14.2.16, 15.x
prior to 15.2.8, and 16.x prior to 16.2.0.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | ceph | < 12.2.13-0ubuntu0.18.04.10 | UNKNOWN |
ubuntu | 20.04 | noarch | ceph | < 15.2.12-0ubuntu0.20.04.1 | UNKNOWN |
ubuntu | 20.10 | noarch | ceph | < 15.2.12-0ubuntu0.20.10.1 | UNKNOWN |
ubuntu | 21.04 | noarch | ceph | < 16.2.0-0ubuntu1 | UNKNOWN |
ubuntu | 21.10 | noarch | ceph | < 16.2.0-0ubuntu1 | UNKNOWN |
ubuntu | 22.04 | noarch | ceph | < 16.2.0-0ubuntu1 | UNKNOWN |
ubuntu | 22.10 | noarch | ceph | < 16.2.0-0ubuntu1 | UNKNOWN |
ubuntu | 23.04 | noarch | ceph | < 16.2.0-0ubuntu1 | UNKNOWN |
ubuntu | 23.10 | noarch | ceph | < 16.2.0-0ubuntu1 | UNKNOWN |
ubuntu | 24.04 | noarch | ceph | < 16.2.0-0ubuntu1 | UNKNOWN |
3.6 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:P/A:N
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
0.0004 Low
EPSS
Percentile
15.8%