CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS: 0.001 Low
Percentile: 23.6%
ceph is vulnerable to access control bypass. The vulnerability exists due to a flaw in which the key length is incorrectly passed to an encryption algorithm, creating a non-random key that is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.
access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.1/html/release_notes/index
access.redhat.com/errata/RHSA-2022:1174
access.redhat.com/errata/RHSA-2022:1716
access.redhat.com/security/cve/CVE-2021-3979
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=2024788
github.com/ceph/ceph/commit/47c33179f9a15ae95cc1579a421be89378602656
github.com/ceph/ceph/pull/44765
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPOK44BESMIFW6BIOGCN452AKKOIIT6Q/
tracker.ceph.com/issues/54006