Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.1
CVSSv3

CVE-2020-27781

Published: 18/12/2020 Updated: 07/11/2023
CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.1 | Impact Score: 5.2 | Exploitability Score: 1.8
VMScore: 320
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N
Subscribe to Ceph

Vulnerability Summary

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the malicious user to target any resource that the user has access to. This can be done to even "admin" users, compromising the ceph administrator. This flaw affects Ceph versions before 14.2.16, 15.x before 15.2.8, and 16.x before 16.2.0.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

redhat ceph

redhat ceph storage 3.0

redhat ceph storage 2.0

redhat openshift container platform 4.0

redhat ceph storage 4.0

redhat openstack platform 13.0

fedoraproject fedora 33

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2020-27781 CVE-2020-27839
Debian Bug report logs - #985670 CVE-2020-27781 CVE-2020-27839 Package: ceph; Maintainer for ceph is Ceph Packaging Team <team+ceph@trackerdebianorg>; Source for ceph is src:ceph (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Sun, 21 Mar 2021 19:03:00 UTC Severity: important Tags: sec ...
Red Hat: Important: Red Hat Ceph Storage 4.2 Security and Bug Fix update
Synopsis Important: Red Hat Ceph Storage 42 Security and Bug Fix update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat Ceph Storage 42Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CV ...
Red Hat: Moderate: OpenShift Container Platform 4.10.3 security update
Synopsis Moderate: OpenShift Container Platform 4103 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4103 is now available withupdates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security impact of ...
Arch Linux Issues:
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users The access key is retrieved via the interface drivers Then, all users of the requesting OpenStack p ...

References

CWE-522https://bugzilla.redhat.com/show_bug.cgi?id=1900109https://security.gentoo.org/glsa/202105-39https://lists.debian.org/debian-lts-announce/2023/10/msg00034.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJ7FFROL25FYRL6FMI33VRKOD74LINRP/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985670https://nvd.nist.govhttps://security.archlinux.org/CVE-2020-27781
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298CVE-2024-20356CVE-2023-21987CVE-2024-33217bypassCVE-2024-31804CVE-2024-32660unauthorizedSSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook