SB2020041035 - OpenSUSE Linux update for ceph

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020041035

SB2020041035 - OpenSUSE Linux update for ceph

Published: April 10, 2020

Security Bulletin ID SB2020041035
Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Use of insufficiently random values (CVE-ID: CVE-2020-1759)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks.


2) Stored cross-site scripting (CVE-ID: CVE-2020-1760)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. A remote attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


Remediation

Install update from vendor's website.

References