.. _CVE-2022-0670:

CVE-2022-0670: Native-CephFS Manila Path-restriction bypass
===========================================================

Summary
-------

Users who were running OpenStack Manila to export native CephFS and who
upgraded their Ceph cluster from Nautilus (or earlier) to a later
major version were vulnerable to an attack by malicious users. The
vulnerability allowed users to obtain access to arbitrary portions of
the CephFS filesystem hierarchy instead of being properly restricted
to their own subvolumes. The vulnerability is due to a bug in the
"volumes" plugin in Ceph Manager. This plugin is responsible for
managing Ceph File System subvolumes, which are used by OpenStack
Manila services as a way to provide shares to Manila users.

Again, this vulnerability impacts only OpenStack Manila clusters that 
provided native CephFS access to their users.

Affected versions
-----------------

Any version of Ceph running OpenStack Manila that was upgraded from Nautilus
or earlier.

Fixed versions
--------------

* Quincy v17.2.2 (and later)
* Pacific v16.2.10 (and later)
* Octopus fix is forthcoming

Recommendations
---------------

#. Users should upgrade to a patched version of Ceph at their earliest
   convenience.

#. Administrators who are concerned they may have been impacted should
   audit the CephX keys in their cluster for proper path restrictions.
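
One way to carry out the key audit in the second recommendation, as an added example that is not part of the Ceph documentation or code. It assumes the JSON printed by ``ceph auth ls --format json`` has a top-level ``auth_dump`` list whose entries carry ``entity`` and ``caps``, and that a properly restricted share key confines every MDS grant to ``/volumes/<group>/<subvolume>`` or deeper; the entity names and paths in the sample are constructed.

```python
import json
import re

# Assumption: Manila subvolume shares live under /volumes/<group>/<subvolume>/...
SHARE_ROOT = "volumes"
MIN_DEPTH = 3  # volumes + group + subvolume
PATH_RE = re.compile(r'path=(?:"([^"]*)"|(\S+))')


def grant_problem(grant):
    """Return a reason if one MDS grant is not confined to a subvolume, else None."""
    m = PATH_RE.search(grant)
    if m is None:
        return "no path restriction"
    path = m.group(1) if m.group(1) is not None else m.group(2)
    parts = [p for p in path.split("/") if p]
    if ".." in parts:
        return "path contains '..': " + path
    if len(parts) < MIN_DEPTH or parts[0] != SHARE_ROOT:
        return "path not inside a subvolume: " + path
    return None


def audit_auth_dump(auth_json, skip=("client.admin",)):
    """Audit `ceph auth ls --format json` text; return [(entity, grant, reason)]."""
    findings = []
    for entry in json.loads(auth_json).get("auth_dump", []):
        entity = entry.get("entity", "")
        mds_caps = entry.get("caps", {}).get("mds", "")
        # Only client keys that hold MDS caps can reach the filesystem tree.
        if not entity.startswith("client.") or entity in skip or not mds_caps:
            continue
        for grant in (g.strip() for g in mds_caps.split(",")):
            reason = grant_problem(grant) if grant else None
            if reason:
                findings.append((entity, grant, reason))
    return findings


# Constructed sample input (not taken from a real cluster).
SAMPLE = json.dumps({"auth_dump": [
    {"entity": "client.admin", "caps": {"mds": "allow *", "mon": "allow *"}},
    {"entity": "client.share-a", "caps": {"mds": "allow rw path=/volumes/_nogroup/share-a/0000"}},
    {"entity": "client.share-b", "caps": {"mds": "allow rw path=/"}},
    {"entity": "client.share-c", "caps": {"mds": "allow r, allow rw path=/volumes/_nogroup/share-c"}},
]})

if __name__ == "__main__":
    for entity, grant, reason in audit_auth_dump(SAMPLE):
        print(f"{entity}: {grant!r} -> {reason}")
```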