{"id":"MGASA-2023-0139","summary":"Updated ceph packages fix security vulnerability","details":"Openstack manilla owning a Ceph File system \"share\", enables the owner to\nread/write any manilla share or entire file system. The vulnerability is\ndue to a bug in the \"volumes\" plugin in Ceph Manager. This allows an\nattacker to compromise Confidentiality and Integrity of a file system.\n(CVE-2022-0670)\nPrivilege escalation and privileged information disclosure (CVE-2022-3650)\n","modified":"2026-04-16T00:09:08.143533493Z","published":"2023-04-15T19:03:44Z","upstream":["CVE-2022-0670","CVE-2022-3650"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0139.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30677"},{"type":"ADVISORY","url":"https://docs.ceph.com/en/latest/security/CVE-2022-0670/"},{"type":"WEB","url":"https://github.com/ceph/ceph/pull/48713/commits"}],"affected":[{"package":{"name":"ceph","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/ceph?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"15.2.17-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0139.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}