CVE-2022-0670 - OpenCVE

A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fedoraproject	Fedora
Linuxfoundation	Ceph
Redhat	Ceph Storage

Configuration 1 [-]

OR	cpe:2.3:a:linuxfoundation:ceph::::::::
	cpe:2.3:a:linuxfoundation:ceph::::::::
	cpe:2.3:a:linuxfoundation:ceph::::::::

Configuration 2 [-]

cpe:2.3:a:redhat:ceph_storage:*:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:o:fedoraproject:fedora:35:::::::*
	cpe:2.3:o:fedoraproject:fedora:36:::::::*

Package	CPE	Advisory	Released Date
Red Hat Ceph Storage 5.2
ceph-2:16.2.8-84.el8cp	cpe:/a:redhat:ceph_storage:5.2::el8	RHSA-2022:5997	2022-08-09T00:00:00Z

References

Link	Providers
https://ceph.io/en/news/blog/2022/v17-2-2-quincy-released/
https://docs.ceph.com/en/latest/security/CVE-2022-0670/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5O3XMDFZWA2FWU6GAYOVSFJPOUTXN42N/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TIRTTRG5O4YP2TNGDCDOHIHP2DM3DFBT/
https://nvd.nist.gov/vuln/detail/CVE-2022-0670
https://www.cve.org/CVERecord?id=CVE-2022-0670

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2022-07-25T13:58:09

Updated: 2024-08-02T23:32:46.554Z

Reserved: 2022-02-17T00:00:00

Link: CVE-2022-0670

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-07-25T14:15:10.327

Modified: 2023-11-07T03:41:28.753

Link: CVE-2022-0670

Redhat

Severity : Moderate

Publid Date: 2022-07-21T00:00:00Z

Links: CVE-2022-0670 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "Ceph", "vendor": "n/a", "versions": [{"status": "affected", "version": "Ceph v 17.2.2"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Openstack manilla owning a Ceph File system \"share\", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the \"volumes\" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-03T03:06:22", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ceph.io/en/news/blog/2022/v17-2-2-quincy-released/"}, {"name": "FEDORA-2022-67e0522b94", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5O3XMDFZWA2FWU6GAYOVSFJPOUTXN42N/"}, {"name": "FEDORA-2022-6d129f14f2", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TIRTTRG5O4YP2TNGDCDOHIHP2DM3DFBT/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2022-0670", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Ceph", "version": {"version_data": [{"version_value": "Ceph v 17.2.2"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in Openstack manilla owning a Ceph File system \"share\", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the \"volumes\" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-863"}]}]}, "references": {"reference_data": [{"name": "https://ceph.io/en/news/blog/2022/v17-2-2-quincy-released/", "refsource": "MISC", "url": "https://ceph.io/en/news/blog/2022/v17-2-2-quincy-released/"}, {"name": "FEDORA-2022-67e0522b94", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5O3XMDFZWA2FWU6GAYOVSFJPOUTXN42N/"}, {"name": "FEDORA-2022-6d129f14f2", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRTTRG5O4YP2TNGDCDOHIHP2DM3DFBT/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:32:46.554Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ceph.io/en/news/blog/2022/v17-2-2-quincy-released/"}, {"name": "FEDORA-2022-67e0522b94", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5O3XMDFZWA2FWU6GAYOVSFJPOUTXN42N/"}, {"name": "FEDORA-2022-6d129f14f2", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TIRTTRG5O4YP2TNGDCDOHIHP2DM3DFBT/"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-0670", "datePublished": "2022-07-25T13:58:09", "dateReserved": "2022-02-17T00:00:00", "dateUpdated": "2024-08-02T23:32:46.554Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:ceph:*:*:*:*:*:*:*:*", "matchCriteriaId": "28C6E0ED-84FA-4467-BAB9-3112FE35F1A6", "versionEndExcluding": "15.2.17", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:ceph:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7F18E3B-6C02-4419-80D7-9F5C867FB07D", "versionEndExcluding": "16.2.10", "versionStartIncluding": "16.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:ceph:*:*:*:*:*:*:*:*", "matchCriteriaId": "37FAE424-D918-4082-BF02-A7F4E0EF826B", "versionEndExcluding": "17.2.2", "versionStartIncluding": "17.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ceph_storage:*:*:*:*:*:*:*:*", "matchCriteriaId": "AFD1F25C-66AD-4F19-863C-530F5DDC5C28", "versionEndExcluding": "5.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in Openstack manilla owning a Ceph File system \"share\", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the \"volumes\" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2."}, {"lang": "es", "value": "Se ha encontrado un fallo en Openstack manilla que posee un \"share\" del sistema de archivos Ceph, que permite al propietario leer/escribir cualquier manilla compartido o todo el sistema de archivos. La vulnerabilidad es debido a un error en el plugin de \"volumes\" en Ceph Manager. Esto permite a un atacante comprometer la Confidencialidad e Integridad de un sistema de archivos. Corregido en RHCS versi\u00f3n 5.2 y Ceph versi\u00f3n 17.2.2"}], "id": "CVE-2022-0670", "lastModified": "2023-11-07T03:41:28.753", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-25T14:15:10.327", "references": [{"source": "secalert@redhat.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://ceph.io/en/news/blog/2022/v17-2-2-quincy-released/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5O3XMDFZWA2FWU6GAYOVSFJPOUTXN42N/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TIRTTRG5O4YP2TNGDCDOHIHP2DM3DFBT/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2022:5997", "cpe": "cpe:/a:redhat:ceph_storage:5.2::el8", "package": "ceph-2:16.2.8-84.el8cp", "product_name": "Red Hat Ceph Storage 5.2", "release_date": "2022-08-09T00:00:00Z"}], "bugzilla": {"description": "ceph: user/tenant can obtain access (read/write) to any share", "id": "2050728", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050728"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "status": "verified"}, "cwe": "CWE-863", "details": ["A flaw was found in Openstack manilla owning a Ceph File system \"share\", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the \"volumes\" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2.", "A flaw was found in OpenStack Manila, where owning a Ceph File system \"share\" enables the owner to read/write any Manila share or entire file system. The vulnerability is due to a bug in the \"volumes\" plugin in Ceph Manager. This flaw allows an attacker to compromise the confidentiality and integrity of a file system."], "name": "CVE-2022-0670", "package_state": [{"cpe": "cpe:/a:redhat:ceph_storage:2", "fix_state": "Out of support scope", "package_name": "ceph", "product_name": "Red Hat Ceph Storage 2"}, {"cpe": "cpe:/a:redhat:ceph_storage:3", "fix_state": "Out of support scope", "package_name": "ceph", "product_name": "Red Hat Ceph Storage 3"}, {"cpe": "cpe:/a:redhat:ceph_storage:4", "fix_state": "Will not fix", "package_name": "ceph", "product_name": "Red Hat Ceph Storage 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ceph-common", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "ceph", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "ceph", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Will not fix", "package_name": "ceph", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Will not fix", "package_name": "ceph", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}], "public_date": "2022-07-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-0670\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-0670\nhttps://docs.ceph.com/en/latest/security/CVE-2022-0670/"], "statement": "Red Hat OpenStack Platform deployments use the Ceph package directly from the Ceph channel; the RHOSP package will not be updated at this time.", "threat_severity": "Moderate", "upstream_fix": "RHCS 5.2 Ceph v 17.2.2"}