An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHXGETAUTHSESSIONKEY requests, it doesn't sanitize otherkeys, allowing key reuse. An attacker who can request a globalid can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
{ "binaries": [ { "binary_name": "ceph", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "ceph-base", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "ceph-base-dbgsym", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "ceph-common", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "ceph-common-dbgsym", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "ceph-fuse", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "ceph-fuse-dbgsym", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "ceph-immutable-object-cache", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "ceph-immutable-object-cache-dbgsym", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "ceph-mds", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "ceph-mds-dbgsym", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "ceph-mgr", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "ceph-mgr-cephadm", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "ceph-mgr-dashboard", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "ceph-mgr-dbgsym", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "ceph-mgr-diskprediction-cloud", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "ceph-mgr-diskprediction-local", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "ceph-mgr-k8sevents", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "ceph-mgr-modules-core", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "ceph-mgr-rook", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "ceph-mon", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "ceph-mon-dbgsym", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "ceph-osd", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "ceph-osd-dbgsym", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "ceph-resource-agents", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "cephadm", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "cephfs-shell", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "libcephfs-dev", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "libcephfs-java", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "libcephfs-jni", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "libcephfs-jni-dbgsym", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "libcephfs2", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "libcephfs2-dbgsym", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "librados-dev", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "librados-dev-dbgsym", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "librados2", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "librados2-dbgsym", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "libradospp-dev", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "libradosstriper-dev", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "libradosstriper1", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "libradosstriper1-dbgsym", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "librbd-dev", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "librbd1", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "librbd1-dbgsym", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "librgw-dev", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "librgw2", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "librgw2-dbgsym", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "python3-ceph", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "python3-ceph-argparse", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "python3-ceph-common", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "python3-cephfs", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "python3-cephfs-dbgsym", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "python3-rados", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "python3-rados-dbgsym", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "python3-rbd", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "python3-rbd-dbgsym", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "python3-rgw", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "python3-rgw-dbgsym", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "rados-objclass-dev", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "radosgw", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "radosgw-dbgsym", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "rbd-fuse", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "rbd-fuse-dbgsym", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "rbd-mirror", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "rbd-mirror-dbgsym", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "rbd-nbd", "binary_version": "15.2.12-0ubuntu0.20.04.1" }, { "binary_name": "rbd-nbd-dbgsym", "binary_version": "15.2.12-0ubuntu0.20.04.1" } ], "ubuntu_priority": "medium", "availability": "No subscription required" }