12 matches found
Ubuntu: Security Advisory (USN-5128-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for ceph (EulerOS-SA-2021-1136)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : ceph (openSUSE-2020-2327)
This update for ceph fixes the following issues : Security issue fixed : - CVE-2020-27781: Fixed a privilege escalation via the cephvolumeclient Python interface bsc1180155, bsc1179802. Non-security issues fixed : - Update to 15.2.8-80-g1f4b6229ca : + Rebase on tip of upstream 'octopus' branch,...
openSUSE Security Update : ceph (openSUSE-2021-79)
This update for ceph fixes the following issues : Security issues fixed : - CVE-2020-27781: Fixed a privilege escalation via the cephvolumeclient Python interface bsc1179802 bsc1180155. Non-security issues fixed : - Fixes an issue when check in legacy collection reaches end. bsc1179139 - Fixes an...
Important: Red Hat Security Advisory: Red Hat Ceph Storage 4.2 Security and Bug Fix update
An update is now available for Red Hat Ceph Storage 4.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links i...
RHEL 7 / 8 : Red Hat Ceph Storage 4.2 Security and Bug Fix update (Important) (RHSA-2021:0081)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0081 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage...
SUSE SLED15 / SLES15 Security Update : ceph (SUSE-SU-2021:0023-1)
This update for ceph fixes the following issues : Security issues fixed : CVE-2020-27781: Fixed a privilege escalation via the cephvolumeclient Python interface bsc1179802 bsc1180155. Non-security issues fixed : Fixes an issue when check in legacy collection reaches end. bsc1179139 Fixes an issue...
Fedora 33 : 2:ceph (2020-fcafbe7225)
ceph 15.2.8 GA Security fix for CVE-2020-27781 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C...
Security update for ceph (important)
openSUSE Security Update: Security update for ceph Announcement ID: openSUSE-SU-2020:2327-1 Rating: important References: 1178860 1179016 1179802 1180107 1180155 Cross-References: CVE-2020-27781 Affected Products: openSUSE Leap 15.2 An update that solves one vulnerability and has four fixes is no...
SUSE SLED15 / SLES15 Security Update : ceph (SUSE-SU-2020:3895-1)
This update for ceph fixes the following issues : Security issue fixed : CVE-2020-27781: Fixed a privilege escalation via the cephvolumeclient Python interface bsc1180155, bsc1179802. Non-security issues fixed : Update to 15.2.8-80-g1f4b6229ca : + Rebase on tip of upstream 'octopus' branch, SHA1...
CVE-2020-27781
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface...
CVE-2020-27781
CVE-2020-27781 affects Ceph and specifically allows privilege escalation via Native CephFS consumers of OpenStack Manila. An OpenStack Manila user can request access to a share for an arbitrary cephx user; the interface drivers reveal the access key, enabling all users in the requesting project t...