78 matches found
CVE-2020-27781
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface...
CVE-2019-11252
A flaw was found in Kubernetes that allows the logging of credentials when mounting AzureFile and CephFS volumes. This flaw allows an attacker to access kubelet logs, read the credentials, and use them to access other services. The highest threat from this vulnerability is to confidentiality...
DEBIAN-CVE-2019-11252
The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes...
CVE-2019-11252
The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes...
CVE-2019-11252
The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes...
Design/Logic Flaw
The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes...
CVE-2019-11252
The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes...
CVE-2019-11252 Credential leakage when failing to mount
The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes...
CVE-2019-11252
CVE-2019-11252 affects Kubernetes kube-controller-manager (versions v1.0–v1.17). It leaks credentials via error messages in mount failure logs/events for AzureFile and CephFS volumes, enabling access to user credentials if logs are obtained. The issue is specifically tied to credential leakage th...
CVE-2019-11252
The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes...
kubernetes: credential leak in kube-controller-manager via error messages in mount failure logs and events for AzureFile and CephFS volumes
A flaw was found in Kubernetes that allows the logging of credentials when mounting AzureFile and CephFS volumes. This flaw allows an attacker to access kubelet logs, read the credentials, and use them to access other services. The highest threat from this vulnerability is to confidentiality...
RHEL 7 : Red Hat Ceph Storage 3.0 (RHSA-2018:2177)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2177 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system...
Moderate: Red Hat Security Advisory: Red Hat Ceph Storage 3.0 security and bug fix update
An update for ceph is now available for Red Hat Ceph Storage for Ubuntu 16.04. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
openSUSE Security Update : ceph (openSUSE-2016-1500)
ceph was updated to version 10.2.4 and fixes the following issues : - A moncommand with empty prefix could crash the monitor boo987144, CVE-2016-5009 - Detect crc32 extension support from assembler on AArch64 boo999688 - Failing file operations on kernel based cephfs mount point could leave...
SUSE-SU-2016:2809-1 Recommended update for ceph
This update provides Ceph 10.2.3, which includes important bug fixes in RBD mirroring, RGW multi-site, CephFS, and RADOS. Build/OPS: - AArch64: Detect crc32 extension support from assembler. bsc999688 - Drop legacy ceph RA which doesn't work with systemd unit files. - The mount.ceph binary, which...
RHEL 7 : org.ovirt.engine-root (RHSA-2016:1967)
An update for org.ovirt.engine-root is now available for RHEV Engine version 4.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: org.ovirt.engine-root security, bug fix, and enhancement update
An update for org.ovirt.engine-root is now available for RHEV Engine version 4.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:1696-1)
The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.59 to receive various security and bugfixes. Main feature additions : - Improved support for Clustered File System CephFS, fate318586. - Addition of kGraft patches now produces logging messages to simplify auditing fate317827. The...