Vulnerability Description
A flaw was found in which an OpenStack Manila user owning a Ceph File System "share" is able to read/write any Manila share or the entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise the confidentiality and integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linuxfoundation | Ceph | >= 15.0.0, < 15.2.17 |
| Redhat | Ceph Storage | < 5.2 |
| Fedoraproject | Fedora | 35 |
Related Weaknesses (CWE)
References
- https://ceph.io/en/news/blog/2022/v17-2-2-quincy-released/ (Release Notes, Vendor Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
FAQ
What is CVE-2022-0670?
CVE-2022-0670 is a vulnerability with a CVSS score of 9.1 (CRITICAL). A flaw was found in which an OpenStack Manila user owning a Ceph File System "share" is able to read/write any Manila share or the entire file system. The vulnerability is due to a bug in the "volume...
How severe is CVE-2022-0670?
CVE-2022-0670 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-0670?
Check the references section above for vendor advisories and patch information. Affected products include: Linuxfoundation Ceph, Redhat Ceph Storage, Fedoraproject Fedora.