ALT-PU-2022-2350-1
Closed vulnerabilities
Published: 2021-01-08
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-25678
A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.
Severity: MEDIUM (4.4)
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
References:
- https://bugzilla.redhat.com/show_bug.cgi?id=1892109
- https://bugzilla.redhat.com/show_bug.cgi?id=1892109
- https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html
- https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html
- FEDORA-2021-93ff9e9103
- FEDORA-2021-93ff9e9103
- GLSA-202105-39
- GLSA-202105-39
- https://tracker.ceph.com/issues/37503
- https://tracker.ceph.com/issues/37503
Published: 2022-07-25
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2022-0670
A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2.
Severity: CRITICAL (9.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
References: