Skip to main content

Ceph CVE-2020-27781

HIGH
Insufficiently Protected Credentials (CWE-522)
2020-12-18 secalert@redhat.com
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 18, 2020 - 21:15 nvd
HIGH 7.1

DescriptionNVD

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. This can be done to even "admin" users, compromising the ceph administrator. This flaw affects Ceph versions prior to 14.2.16, 15.x prior to 15.2.8, and 16.x prior to 16.2.0.

AnalysisAI

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Insufficiently Protected Credentials (CWE-522), which allows attackers to obtain user credentials due to weak protection mechanisms. User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. This can be done to even "admin" users, compromising the ceph administrator. This flaw affects Ceph versions prior to 14.2.16, 15.x prior to 15.2.8, and 16.x prior to 16.2.0. Affected products include: Redhat Ceph, Redhat Ceph Storage, Redhat Openshift Container Platform, Redhat Openstack Platform, Fedoraproject Fedora. Version information: prior to 14.2.16.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Hash passwords with strong algorithms (bcrypt, argon2), encrypt credentials in transit and at rest, never log credentials.

More in Ceph

View all
CVE-2016-7031 HIGH POC
7.5 Oct 03

The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list

CVE-2022-0670 CRITICAL
9.1 Jul 25

A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manil

CVE-2020-25660 HIGH
8.8 Nov 23

A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not ve

CVE-2018-10861 HIGH
8.1 Jul 10

A flaw was found in the way ceph mon handles user requests. Rated high severity (CVSS 8.1), this vulnerability is remote

CVE-2020-10736 HIGH
8.0 Jun 22

An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr d

CVE-2020-12059 HIGH
7.5 Apr 22

An issue was discovered in Ceph through 13.2.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitab

CVE-2020-1699 HIGH
7.5 Apr 21

A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph

CVE-2019-10222 HIGH
7.5 Nov 08

A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. Rated high severity

CVE-2018-1128 HIGH
7.5 Jul 10

It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attac

CVE-2018-7262 HIGH
7.5 Mar 19

In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't han

CVE-2021-20288 HIGH
7.2 Apr 15

An authentication flaw was found in ceph in versions before 14.2.20. Rated high severity (CVSS 7.2), this vulnerability

CVE-2020-1759 MEDIUM
6.8 Apr 13

A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vul

Share

CVE-2020-27781 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy