Vulnerability Details : CVE-2022-0670
A flaw was found in which an OpenStack Manila user owning a Ceph File System "share" can read/write any Manila share or the entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise the confidentiality and integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2.
Products affected by CVE-2022-0670
- cpe:2.3:a:redhat:ceph_storage:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:ceph:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-0670
EPSS score: 0.16% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~35% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2022-0670
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 3.9 | 5.2 | NIST | |
CWE ids for CVE-2022-0670
- The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. Assigned by: secalert@redhat.com (Secondary)
References for CVE-2022-0670
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRTTRG5O4YP2TNGDCDOHIHP2DM3DFBT/
  Mailing List; Third Party Advisory
- https://ceph.io/en/news/blog/2022/v17-2-2-quincy-released/
  Ceph.io — v17.2.2 Quincy released. Release Notes; Vendor Advisory
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5O3XMDFZWA2FWU6GAYOVSFJPOUTXN42N/
  [SECURITY] Fedora 36 Update: ceph-16.2.10-1.fc36 - package-announce - Fedora Mailing-Lists. Mailing List; Third Party Advisory