Bugzilla – Bug 1201837
VUL-0: CVE-2022-0670: ceph: user/tenant can access (read/write) any share
Last modified: 2022-12-07 09:01:02 UTC
A vulnerability was found that allows an OpenStack manilla user/tenant (owner of a Ceph File System "share") to access (read/write) any manilla share and even have read/write access to an entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager.