All the vulnerabilites related to redhat - ceph_storage_for_power
Vulnerability from fkie_nvd
Published
2022-08-25 20:15
Modified
2024-11-21 06:23
Severity ?
Summary
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | ceph_storage | 3.0 | |
| redhat | ceph_storage | 4.3 | |
| redhat | ceph_storage | 5.1 | |
| redhat | openshift_container_storage | 4.0 | |
| redhat | openshift_data_foundation | 4.0 | |
| redhat | openstack_platform | 13.0 | |
| redhat | ceph_storage_for_ibm_z_systems | 4.0 | |
| redhat | ceph_storage | 4.0 | |
| redhat | ceph_storage | 5.0 | |
| redhat | ceph_storage_for_power | 4.0 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | ceph_storage | 4.0 | |
| redhat | ceph_storage | 5.0 | |
| redhat | ceph_storage_for_power | 4.0 | |
| redhat | enterprise_linux | 7.0 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 37 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "516F4E8E-ED2F-4282-9DAB-D8B378F61258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ceph_storage:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "634F0044-B81C-4EE4-A27A-24B5DF857D35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ceph_storage:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7EA89296-A701-46DA-BE5D-1FAAC2789D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_storage:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB187A4-F3A6-4993-AEF2-7808F1485EE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_data_foundation:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2C021C-A9F0-4EB4-ADED-81D8B57B4563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52600BF-9E87-4CD2-91F3-685AFE478C1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:ceph_storage_for_ibm_z_systems:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F26352C-A305-4A68-B9D8-367B440F6F62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ceph_storage:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6E54096-5D45-4CB2-AC9A-DDB55BF2B94C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ceph_storage:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E37E1B3-6F68-4502-85D6-68333643BDFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ceph_storage_for_power:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "178E0094-2ACA-4BDF-A83C-965CF856D41D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ceph_storage:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6E54096-5D45-4CB2-AC9A-DDB55BF2B94C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ceph_storage:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E37E1B3-6F68-4502-85D6-68333643BDFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ceph_storage_for_power:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "178E0094-2ACA-4BDF-A83C-965CF856D41D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks."
},
{
"lang": "es",
"value": "Se ha encontrado un fallo de longitud de clave en Red Hat Ceph Storage. Un atacante puede explotar el hecho de que la longitud de la clave se pasa incorrectamente en un algoritmo de cifrado para crear una clave no aleatoria, que es m\u00e1s d\u00e9bil y puede ser explotada para la p\u00e9rdida de confidencialidad e integridad en los discos cifrados."
}
],
"id": "CVE-2021-3979",
"lastModified": "2024-11-21T06:23:17.720",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-25T20:15:09.473",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-3979"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024788"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/ceph/ceph/commit/47c33179f9a15ae95cc1579a421be89378602656"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/ceph/ceph/pull/44765"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPOK44BESMIFW6BIOGCN452AKKOIIT6Q/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://tracker.ceph.com/issues/54006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-3979"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024788"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/ceph/ceph/commit/47c33179f9a15ae95cc1579a421be89378602656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/ceph/ceph/pull/44765"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPOK44BESMIFW6BIOGCN452AKKOIIT6Q/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://tracker.ceph.com/issues/54006"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2021-3979
Vulnerability from cvelistv5
Published
2022-08-25 00:00
Modified
2024-08-03 17:09
Severity ?
EPSS score ?
Summary
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024788"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-3979"
},
{
"tags": [
"x_transferred"
],
"url": "https://tracker.ceph.com/issues/54006"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ceph/ceph/pull/44765"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ceph/ceph/commit/47c33179f9a15ae95cc1579a421be89378602656"
},
{
"name": "FEDORA-2022-d832fd2f45",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPOK44BESMIFW6BIOGCN452AKKOIIT6Q/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ceph",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Not-Known"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 - Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024788"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-3979"
},
{
"url": "https://tracker.ceph.com/issues/54006"
},
{
"url": "https://github.com/ceph/ceph/pull/44765"
},
{
"url": "https://github.com/ceph/ceph/commit/47c33179f9a15ae95cc1579a421be89378602656"
},
{
"name": "FEDORA-2022-d832fd2f45",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPOK44BESMIFW6BIOGCN452AKKOIIT6Q/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3979",
"datePublished": "2022-08-25T00:00:00",
"dateReserved": "2021-11-19T00:00:00",
"dateUpdated": "2024-08-03T17:09:09.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}