Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2016-7062
Vulnerability from cvelistv5
Published
2017-06-27 20:00
Modified
2024-08-06 01:50
Severity ?
EPSS score ?
Summary
rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/93796 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id/1037062 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2016:2082 | Vendor Advisory | |
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1381681 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93796 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037062 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2016:2082 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1381681 | Issue Tracking, Vendor Advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93796",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93796"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381681"
},
{
"name": "1037062",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037062"
},
{
"name": "RHSA-2016:2082",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:2082"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-27T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "93796",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93796"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381681"
},
{
"name": "1037062",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037062"
},
{
"name": "RHSA-2016:2082",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:2082"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93796",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93796"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1381681",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381681"
},
{
"name": "1037062",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037062"
},
{
"name": "RHSA-2016:2082",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:2082"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7062",
"datePublished": "2017-06-27T20:00:00",
"dateReserved": "2016-08-23T00:00:00",
"dateUpdated": "2024-08-06T01:50:47.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:storage_console:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E916298F-E4F3-49FB-92DA-C92013188C44\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:storage_console_node:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E444D421-A946-44BB-A12E-69E68EAD25DA\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.\"}, {\"lang\": \"es\", \"value\": \"rhscon-ceph en Red Hat Storage Console 2 x86_64 y Red Hat Storage Console Node 2 x86_64 permite a los usuarios locales obtener la contrase\\u00f1a como texto sin cifrar.\"}]",
"id": "CVE-2016-7062",
"lastModified": "2024-11-21T02:57:22.993",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2017-06-27T20:29:00.933",
"references": "[{\"url\": \"http://www.securityfocus.com/bid/93796\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1037062\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2016:2082\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1381681\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/93796\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1037062\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2016:2082\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1381681\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-255\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-7062\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-06-27T20:29:00.933\",\"lastModified\":\"2024-11-21T02:57:22.993\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.\"},{\"lang\":\"es\",\"value\":\"rhscon-ceph en Red Hat Storage Console 2 x86_64 y Red Hat Storage Console Node 2 x86_64 permite a los usuarios locales obtener la contrase\u00f1a como texto sin cifrar.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-255\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:storage_console:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E916298F-E4F3-49FB-92DA-C92013188C44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:storage_console_node:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E444D421-A946-44BB-A12E-69E68EAD25DA\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/93796\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037062\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2016:2082\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1381681\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/93796\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037062\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2016:2082\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1381681\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]}]}}"
}
}
fkie_cve-2016-7062
Vulnerability from fkie_nvd
Published
2017-06-27 20:29
Modified
2024-11-21 02:57
Severity ?
Summary
rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/93796 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id/1037062 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2016:2082 | Vendor Advisory | |
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1381681 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93796 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037062 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2016:2082 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1381681 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | storage_console | 2.0 | |
| redhat | storage_console_node | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:storage_console:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E916298F-E4F3-49FB-92DA-C92013188C44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:storage_console_node:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E444D421-A946-44BB-A12E-69E68EAD25DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext."
},
{
"lang": "es",
"value": "rhscon-ceph en Red Hat Storage Console 2 x86_64 y Red Hat Storage Console Node 2 x86_64 permite a los usuarios locales obtener la contrase\u00f1a como texto sin cifrar."
}
],
"id": "CVE-2016-7062",
"lastModified": "2024-11-21T02:57:22.993",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-27T20:29:00.933",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93796"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.securitytracker.com/id/1037062"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2016:2082"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381681"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93796"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.securitytracker.com/id/1037062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2016:2082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381681"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
gsd-2016-7062
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-7062",
"description": "rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.",
"id": "GSD-2016-7062",
"references": [
"https://access.redhat.com/errata/RHSA-2016:2082"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-7062"
],
"details": "rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.",
"id": "GSD-2016-7062",
"modified": "2023-12-13T01:21:20.908026Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93796",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93796"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1381681",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381681"
},
{
"name": "1037062",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037062"
},
{
"name": "RHSA-2016:2082",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:2082"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:storage_console:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:storage_console_node:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7062"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1381681",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381681"
},
{
"name": "RHSA-2016:2082",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2016:2082"
},
{
"name": "1037062",
"refsource": "SECTRACK",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.securitytracker.com/id/1037062"
},
{
"name": "93796",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93796"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2017-07-05T16:39Z",
"publishedDate": "2017-06-27T20:29Z"
}
}
}
rhsa-2016_2082
Vulnerability from csaf_redhat
Published
2016-10-19 14:59
Modified
2024-11-22 10:22
Summary
Red Hat Security Advisory: Red Hat Storage Console 2 security and bug fix update
Notes
Topic
An update is now available for Red Hat Storage Console 2 for Red Hat Enteprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Storage Console is a new Red Hat offering for storage administrators that provides a graphical management platform for Red Hat Ceph Storage 2. Red Hat Storage Console allows users to install, monitor, and manage a Red Hat Ceph Storage cluster.
Security Fix(es):
* A flaw was found in the way authentication details were passed between rhscon-ceph and rhscon-core. An authenticated, local attacker could use this flaw to recover the cleartext password. (CVE-2016-7062)
Bug Fix(es):
* Previously, the PG was calculated on per pool basis instead of cluster level. With this fix, automatic calculation of PGs is disabled and the Ceph PG calculator is used to calculate the PG values per OSD to keep the cluster in healthy state. (BZ#1366577, BZ#1375538)
* Issuing a command to compact its data store during a rolling upgrade renders the Ceph monitors unresponsive. To avoid this behavior, skip the command to compact the data store during a rolling upgrade. As a result, the Ceph monitors are responsive.(BZ#1372481)
* Rolling upgrade fails when a custom cluster name other than 'ceph' is used and causes the ceph-ansible play to abort. With this fix, include the flags to indicate the cluster name, defaulting to 'ceph' when unspecified and the Ansible playbook succeeds with custom cluster names.(BZ#1373919)
* Previously, pools list in Console displayed incorrect storage utilization and capacity data due to multiple CRUSH hierarchies. With this fix, the pools list in Console displays the correct storage utilization and capacity data.(BZ#1358267)
* Previously, the CPU utilization chart displayed only the user processes CPU utilization and omitted system CPU utilization. With this fix, the CPU utilization chart displays the combined user and system CPU utilization percentage.(BZ#1358461)
* A full-duplex channel is available for communication in both directions simultaneously and hence the effective bandwidth is twice the actual bandwidth. With this update, this has been modified, and the network utilization is now calculated properly.(BZ#1366242)
* In the Host list page, incorrect chart data was displayed in utilization charts. With this fix, the chart displays correct data. (BZ#1358270)
* Previously, Calamari failed to reflect the correct values for OSD status. With this update, the issue has been fixed and the dashboard displays the correct, real time OSD status.(BZ#1359129)
* Previously, the text on the Add Storage tab was confusing due to unclear description regarding the storage type. With this fix, the text has been updated and a short description about the pools and RBDs is provided to ensure there is no ambiguity.(BZ#1365983)
* Previously, while importing a cluster with collocated journals, the journal size used to incorrectly populate in the MongoDB database. With this fix, the journal size and the journal path is displayed correctly in the OSD summary of the Host OSDs tab.(BZ#1365998)
* Previously, the clusters list in the console incorrectly depicted IOPS in units. With this fix, all the IOPS units are removed to correctly show the IOPS in the numeric count.(BZ#1366048)
* While checking the cluster system performance, the selection of any elapsed hour range inappropriately displayed tick marks on both the elapsed hour(s) range. With this fix, the console displays system performance graph with a tick mark only on the selected elapsed hour(s).(BZ#1366081)
* The journal device details did not synchronize as expected during pool creation and importing cluster workflows. This behavior is now fixed to fetch the actual device details for OSD journals and displays as expected in the UI.(BZ#1342969)
All users of Red Hat Storage Console are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Storage Console 2 for Red Hat Enteprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Storage Console is a new Red Hat offering for storage administrators that provides a graphical management platform for Red Hat Ceph Storage 2. Red Hat Storage Console allows users to install, monitor, and manage a Red Hat Ceph Storage cluster.\n\nSecurity Fix(es):\n\n* A flaw was found in the way authentication details were passed between rhscon-ceph and rhscon-core. An authenticated, local attacker could use this flaw to recover the cleartext password. (CVE-2016-7062)\n\nBug Fix(es):\n\n* Previously, the PG was calculated on per pool basis instead of cluster level. With this fix, automatic calculation of PGs is disabled and the Ceph PG calculator is used to calculate the PG values per OSD to keep the cluster in healthy state. (BZ#1366577, BZ#1375538)\n\n* Issuing a command to compact its data store during a rolling upgrade renders the Ceph monitors unresponsive. To avoid this behavior, skip the command to compact the data store during a rolling upgrade. As a result, the Ceph monitors are responsive.(BZ#1372481)\n\n* Rolling upgrade fails when a custom cluster name other than \u0027ceph\u0027 is used and causes the ceph-ansible play to abort. With this fix, include the flags to indicate the cluster name, defaulting to \u0027ceph\u0027 when unspecified and the Ansible playbook succeeds with custom cluster names.(BZ#1373919)\n\n* Previously, pools list in Console displayed incorrect storage utilization and capacity data due to multiple CRUSH hierarchies. With this fix, the pools list in Console displays the correct storage utilization and capacity data.(BZ#1358267)\n\n* Previously, the CPU utilization chart displayed only the user processes CPU utilization and omitted system CPU utilization. With this fix, the CPU utilization chart displays the combined user and system CPU utilization percentage.(BZ#1358461)\n\n* A full-duplex channel is available for communication in both directions simultaneously and hence the effective bandwidth is twice the actual bandwidth. With this update, this has been modified, and the network utilization is now calculated properly.(BZ#1366242)\n\n* In the Host list page, incorrect chart data was displayed in utilization charts. With this fix, the chart displays correct data. (BZ#1358270)\n\n* Previously, Calamari failed to reflect the correct values for OSD status. With this update, the issue has been fixed and the dashboard displays the correct, real time OSD status.(BZ#1359129)\n\n* Previously, the text on the Add Storage tab was confusing due to unclear description regarding the storage type. With this fix, the text has been updated and a short description about the pools and RBDs is provided to ensure there is no ambiguity.(BZ#1365983)\n\n* Previously, while importing a cluster with collocated journals, the journal size used to incorrectly populate in the MongoDB database. With this fix, the journal size and the journal path is displayed correctly in the OSD summary of the Host OSDs tab.(BZ#1365998)\n\n* Previously, the clusters list in the console incorrectly depicted IOPS in units. With this fix, all the IOPS units are removed to correctly show the IOPS in the numeric count.(BZ#1366048)\n\n* While checking the cluster system performance, the selection of any elapsed hour range inappropriately displayed tick marks on both the elapsed hour(s) range. With this fix, the console displays system performance graph with a tick mark only on the selected elapsed hour(s).(BZ#1366081)\n\n* The journal device details did not synchronize as expected during pool creation and importing cluster workflows. This behavior is now fixed to fetch the actual device details for OSD journals and displays as expected in the UI.(BZ#1342969)\n\nAll users of Red Hat Storage Console are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:2082",
"url": "https://access.redhat.com/errata/RHSA-2016:2082"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1342969",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1342969"
},
{
"category": "external",
"summary": "1346379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346379"
},
{
"category": "external",
"summary": "1358267",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358267"
},
{
"category": "external",
"summary": "1358270",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358270"
},
{
"category": "external",
"summary": "1358461",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358461"
},
{
"category": "external",
"summary": "1358832",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358832"
},
{
"category": "external",
"summary": "1359129",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1359129"
},
{
"category": "external",
"summary": "1365983",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365983"
},
{
"category": "external",
"summary": "1365998",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365998"
},
{
"category": "external",
"summary": "1366048",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366048"
},
{
"category": "external",
"summary": "1366081",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366081"
},
{
"category": "external",
"summary": "1366242",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366242"
},
{
"category": "external",
"summary": "1366577",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366577"
},
{
"category": "external",
"summary": "1366620",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366620"
},
{
"category": "external",
"summary": "1371496",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1371496"
},
{
"category": "external",
"summary": "1371848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1371848"
},
{
"category": "external",
"summary": "1372481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372481"
},
{
"category": "external",
"summary": "1373919",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373919"
},
{
"category": "external",
"summary": "1375538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375538"
},
{
"category": "external",
"summary": "1375972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375972"
},
{
"category": "external",
"summary": "1381681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381681"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2082.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Storage Console 2 security and bug fix update",
"tracking": {
"current_release_date": "2024-11-22T10:22:24+00:00",
"generator": {
"date": "2024-11-22T10:22:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2016:2082",
"initial_release_date": "2016-10-19T14:59:44+00:00",
"revision_history": [
{
"date": "2016-10-19T14:59:44+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-04-18T15:29:02+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T10:22:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Storage Console Installer 2",
"product": {
"name": "Red Hat Storage Console Installer 2",
"product_id": "7Server-RH7-RHSCON-INSTALLER-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhscon:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Storage Console Agent 2",
"product": {
"name": "Red Hat Storage Console Agent 2",
"product_id": "7Server-RH7-RHSCON-AGENT-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhscon:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Storage Console Main 2",
"product": {
"name": "Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhscon:2::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Storage Console"
},
{
"branches": [
{
"category": "product_version",
"name": "ceph-installer-0:1.0.15-2.el7scon.noarch",
"product": {
"name": "ceph-installer-0:1.0.15-2.el7scon.noarch",
"product_id": "ceph-installer-0:1.0.15-2.el7scon.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ceph-installer@1.0.15-2.el7scon?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhscon-agent-0:0.0.19-1.el7scon.noarch",
"product": {
"name": "rhscon-agent-0:0.0.19-1.el7scon.noarch",
"product_id": "rhscon-agent-0:0.0.19-1.el7scon.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhscon-agent@0.0.19-1.el7scon?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ceph-ansible-0:1.0.5-34.el7scon.noarch",
"product": {
"name": "ceph-ansible-0:1.0.5-34.el7scon.noarch",
"product_id": "ceph-ansible-0:1.0.5-34.el7scon.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ceph-ansible@1.0.5-34.el7scon?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "salt-selinux-0:0.0.45-1.el7scon.noarch",
"product": {
"name": "salt-selinux-0:0.0.45-1.el7scon.noarch",
"product_id": "salt-selinux-0:0.0.45-1.el7scon.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/salt-selinux@0.0.45-1.el7scon?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
"product": {
"name": "rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
"product_id": "rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhscon-core-selinux@0.0.45-1.el7scon?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "carbon-selinux-0:0.0.45-1.el7scon.noarch",
"product": {
"name": "carbon-selinux-0:0.0.45-1.el7scon.noarch",
"product_id": "carbon-selinux-0:0.0.45-1.el7scon.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/carbon-selinux@0.0.45-1.el7scon?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhscon-ui-0:0.0.60-1.el7scon.noarch",
"product": {
"name": "rhscon-ui-0:0.0.60-1.el7scon.noarch",
"product_id": "rhscon-ui-0:0.0.60-1.el7scon.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhscon-ui@0.0.60-1.el7scon?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "ceph-installer-0:1.0.15-2.el7scon.src",
"product": {
"name": "ceph-installer-0:1.0.15-2.el7scon.src",
"product_id": "ceph-installer-0:1.0.15-2.el7scon.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ceph-installer@1.0.15-2.el7scon?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhscon-agent-0:0.0.19-1.el7scon.src",
"product": {
"name": "rhscon-agent-0:0.0.19-1.el7scon.src",
"product_id": "rhscon-agent-0:0.0.19-1.el7scon.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhscon-agent@0.0.19-1.el7scon?arch=src"
}
}
},
{
"category": "product_version",
"name": "ceph-ansible-0:1.0.5-34.el7scon.src",
"product": {
"name": "ceph-ansible-0:1.0.5-34.el7scon.src",
"product_id": "ceph-ansible-0:1.0.5-34.el7scon.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ceph-ansible@1.0.5-34.el7scon?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhscon-ceph-0:0.0.43-1.el7scon.src",
"product": {
"name": "rhscon-ceph-0:0.0.43-1.el7scon.src",
"product_id": "rhscon-ceph-0:0.0.43-1.el7scon.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhscon-ceph@0.0.43-1.el7scon?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhscon-core-0:0.0.45-1.el7scon.src",
"product": {
"name": "rhscon-core-0:0.0.45-1.el7scon.src",
"product_id": "rhscon-core-0:0.0.45-1.el7scon.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhscon-core@0.0.45-1.el7scon?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhscon-ui-0:0.0.60-1.el7scon.src",
"product": {
"name": "rhscon-ui-0:0.0.60-1.el7scon.src",
"product_id": "rhscon-ui-0:0.0.60-1.el7scon.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhscon-ui@0.0.60-1.el7scon?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rhscon-ceph-0:0.0.43-1.el7scon.x86_64",
"product": {
"name": "rhscon-ceph-0:0.0.43-1.el7scon.x86_64",
"product_id": "rhscon-ceph-0:0.0.43-1.el7scon.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhscon-ceph@0.0.43-1.el7scon?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64",
"product": {
"name": "rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64",
"product_id": "rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhscon-ceph-debuginfo@0.0.43-1.el7scon?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rhscon-core-0:0.0.45-1.el7scon.x86_64",
"product": {
"name": "rhscon-core-0:0.0.45-1.el7scon.x86_64",
"product_id": "rhscon-core-0:0.0.45-1.el7scon.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhscon-core@0.0.45-1.el7scon?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
"product": {
"name": "rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
"product_id": "rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhscon-core-debuginfo@0.0.45-1.el7scon?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "carbon-selinux-0:0.0.45-1.el7scon.noarch as a component of Red Hat Storage Console Agent 2",
"product_id": "7Server-RH7-RHSCON-AGENT-2:carbon-selinux-0:0.0.45-1.el7scon.noarch"
},
"product_reference": "carbon-selinux-0:0.0.45-1.el7scon.noarch",
"relates_to_product_reference": "7Server-RH7-RHSCON-AGENT-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-agent-0:0.0.19-1.el7scon.noarch as a component of Red Hat Storage Console Agent 2",
"product_id": "7Server-RH7-RHSCON-AGENT-2:rhscon-agent-0:0.0.19-1.el7scon.noarch"
},
"product_reference": "rhscon-agent-0:0.0.19-1.el7scon.noarch",
"relates_to_product_reference": "7Server-RH7-RHSCON-AGENT-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-agent-0:0.0.19-1.el7scon.src as a component of Red Hat Storage Console Agent 2",
"product_id": "7Server-RH7-RHSCON-AGENT-2:rhscon-agent-0:0.0.19-1.el7scon.src"
},
"product_reference": "rhscon-agent-0:0.0.19-1.el7scon.src",
"relates_to_product_reference": "7Server-RH7-RHSCON-AGENT-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-core-0:0.0.45-1.el7scon.src as a component of Red Hat Storage Console Agent 2",
"product_id": "7Server-RH7-RHSCON-AGENT-2:rhscon-core-0:0.0.45-1.el7scon.src"
},
"product_reference": "rhscon-core-0:0.0.45-1.el7scon.src",
"relates_to_product_reference": "7Server-RH7-RHSCON-AGENT-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-core-0:0.0.45-1.el7scon.x86_64 as a component of Red Hat Storage Console Agent 2",
"product_id": "7Server-RH7-RHSCON-AGENT-2:rhscon-core-0:0.0.45-1.el7scon.x86_64"
},
"product_reference": "rhscon-core-0:0.0.45-1.el7scon.x86_64",
"relates_to_product_reference": "7Server-RH7-RHSCON-AGENT-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64 as a component of Red Hat Storage Console Agent 2",
"product_id": "7Server-RH7-RHSCON-AGENT-2:rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64"
},
"product_reference": "rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
"relates_to_product_reference": "7Server-RH7-RHSCON-AGENT-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-core-selinux-0:0.0.45-1.el7scon.noarch as a component of Red Hat Storage Console Agent 2",
"product_id": "7Server-RH7-RHSCON-AGENT-2:rhscon-core-selinux-0:0.0.45-1.el7scon.noarch"
},
"product_reference": "rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
"relates_to_product_reference": "7Server-RH7-RHSCON-AGENT-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-selinux-0:0.0.45-1.el7scon.noarch as a component of Red Hat Storage Console Agent 2",
"product_id": "7Server-RH7-RHSCON-AGENT-2:salt-selinux-0:0.0.45-1.el7scon.noarch"
},
"product_reference": "salt-selinux-0:0.0.45-1.el7scon.noarch",
"relates_to_product_reference": "7Server-RH7-RHSCON-AGENT-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ceph-ansible-0:1.0.5-34.el7scon.noarch as a component of Red Hat Storage Console Installer 2",
"product_id": "7Server-RH7-RHSCON-INSTALLER-2:ceph-ansible-0:1.0.5-34.el7scon.noarch"
},
"product_reference": "ceph-ansible-0:1.0.5-34.el7scon.noarch",
"relates_to_product_reference": "7Server-RH7-RHSCON-INSTALLER-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ceph-ansible-0:1.0.5-34.el7scon.src as a component of Red Hat Storage Console Installer 2",
"product_id": "7Server-RH7-RHSCON-INSTALLER-2:ceph-ansible-0:1.0.5-34.el7scon.src"
},
"product_reference": "ceph-ansible-0:1.0.5-34.el7scon.src",
"relates_to_product_reference": "7Server-RH7-RHSCON-INSTALLER-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ceph-installer-0:1.0.15-2.el7scon.noarch as a component of Red Hat Storage Console Installer 2",
"product_id": "7Server-RH7-RHSCON-INSTALLER-2:ceph-installer-0:1.0.15-2.el7scon.noarch"
},
"product_reference": "ceph-installer-0:1.0.15-2.el7scon.noarch",
"relates_to_product_reference": "7Server-RH7-RHSCON-INSTALLER-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ceph-installer-0:1.0.15-2.el7scon.src as a component of Red Hat Storage Console Installer 2",
"product_id": "7Server-RH7-RHSCON-INSTALLER-2:ceph-installer-0:1.0.15-2.el7scon.src"
},
"product_reference": "ceph-installer-0:1.0.15-2.el7scon.src",
"relates_to_product_reference": "7Server-RH7-RHSCON-INSTALLER-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "carbon-selinux-0:0.0.45-1.el7scon.noarch as a component of Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2:carbon-selinux-0:0.0.45-1.el7scon.noarch"
},
"product_reference": "carbon-selinux-0:0.0.45-1.el7scon.noarch",
"relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-ceph-0:0.0.43-1.el7scon.src as a component of Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-0:0.0.43-1.el7scon.src"
},
"product_reference": "rhscon-ceph-0:0.0.43-1.el7scon.src",
"relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-ceph-0:0.0.43-1.el7scon.x86_64 as a component of Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-0:0.0.43-1.el7scon.x86_64"
},
"product_reference": "rhscon-ceph-0:0.0.43-1.el7scon.x86_64",
"relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64 as a component of Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64"
},
"product_reference": "rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64",
"relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-core-0:0.0.45-1.el7scon.src as a component of Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-core-0:0.0.45-1.el7scon.src"
},
"product_reference": "rhscon-core-0:0.0.45-1.el7scon.src",
"relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-core-0:0.0.45-1.el7scon.x86_64 as a component of Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-core-0:0.0.45-1.el7scon.x86_64"
},
"product_reference": "rhscon-core-0:0.0.45-1.el7scon.x86_64",
"relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64 as a component of Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64"
},
"product_reference": "rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
"relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-core-selinux-0:0.0.45-1.el7scon.noarch as a component of Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-core-selinux-0:0.0.45-1.el7scon.noarch"
},
"product_reference": "rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
"relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-ui-0:0.0.60-1.el7scon.noarch as a component of Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-ui-0:0.0.60-1.el7scon.noarch"
},
"product_reference": "rhscon-ui-0:0.0.60-1.el7scon.noarch",
"relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-ui-0:0.0.60-1.el7scon.src as a component of Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-ui-0:0.0.60-1.el7scon.src"
},
"product_reference": "rhscon-ui-0:0.0.60-1.el7scon.src",
"relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-selinux-0:0.0.45-1.el7scon.noarch as a component of Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2:salt-selinux-0:0.0.45-1.el7scon.noarch"
},
"product_reference": "salt-selinux-0:0.0.45-1.el7scon.noarch",
"relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-7062",
"cwe": {
"id": "CWE-214",
"name": "Invocation of Process Using Visible Sensitive Information"
},
"discovery_date": "2016-09-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1381681"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way authentication details were passed between rhscon-ceph and rhscon-core. An authenticated, local attacker could use this flaw to recover the cleartext password.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rhscon-ceph: password leak by command line parameter",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHSCON-AGENT-2:carbon-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-AGENT-2:rhscon-agent-0:0.0.19-1.el7scon.noarch",
"7Server-RH7-RHSCON-AGENT-2:rhscon-agent-0:0.0.19-1.el7scon.src",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-0:0.0.45-1.el7scon.src",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-AGENT-2:salt-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-ansible-0:1.0.5-34.el7scon.noarch",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-ansible-0:1.0.5-34.el7scon.src",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-installer-0:1.0.15-2.el7scon.noarch",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-installer-0:1.0.15-2.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:carbon-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-0:0.0.43-1.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-0:0.0.43-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-0:0.0.45-1.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ui-0:0.0.60-1.el7scon.noarch",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ui-0:0.0.60-1.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:salt-selinux-0:0.0.45-1.el7scon.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-7062"
},
{
"category": "external",
"summary": "RHBZ#1381681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381681"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-7062",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7062"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-7062",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7062"
}
],
"release_date": "2016-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-19T14:59:44+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHSCON-AGENT-2:carbon-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-AGENT-2:rhscon-agent-0:0.0.19-1.el7scon.noarch",
"7Server-RH7-RHSCON-AGENT-2:rhscon-agent-0:0.0.19-1.el7scon.src",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-0:0.0.45-1.el7scon.src",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-AGENT-2:salt-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-ansible-0:1.0.5-34.el7scon.noarch",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-ansible-0:1.0.5-34.el7scon.src",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-installer-0:1.0.15-2.el7scon.noarch",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-installer-0:1.0.15-2.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:carbon-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-0:0.0.43-1.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-0:0.0.43-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-0:0.0.45-1.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ui-0:0.0.60-1.el7scon.noarch",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ui-0:0.0.60-1.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:salt-selinux-0:0.0.45-1.el7scon.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2082"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-RH7-RHSCON-AGENT-2:carbon-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-AGENT-2:rhscon-agent-0:0.0.19-1.el7scon.noarch",
"7Server-RH7-RHSCON-AGENT-2:rhscon-agent-0:0.0.19-1.el7scon.src",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-0:0.0.45-1.el7scon.src",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-AGENT-2:salt-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-ansible-0:1.0.5-34.el7scon.noarch",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-ansible-0:1.0.5-34.el7scon.src",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-installer-0:1.0.15-2.el7scon.noarch",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-installer-0:1.0.15-2.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:carbon-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-0:0.0.43-1.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-0:0.0.43-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-0:0.0.45-1.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ui-0:0.0.60-1.el7scon.noarch",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ui-0:0.0.60-1.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:salt-selinux-0:0.0.45-1.el7scon.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rhscon-ceph: password leak by command line parameter"
}
]
}
RHSA-2016:2082
Vulnerability from csaf_redhat
Published
2016-10-19 14:59
Modified
2024-11-22 10:22
Summary
Red Hat Security Advisory: Red Hat Storage Console 2 security and bug fix update
Notes
Topic
An update is now available for Red Hat Storage Console 2 for Red Hat Enteprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Storage Console is a new Red Hat offering for storage administrators that provides a graphical management platform for Red Hat Ceph Storage 2. Red Hat Storage Console allows users to install, monitor, and manage a Red Hat Ceph Storage cluster.
Security Fix(es):
* A flaw was found in the way authentication details were passed between rhscon-ceph and rhscon-core. An authenticated, local attacker could use this flaw to recover the cleartext password. (CVE-2016-7062)
Bug Fix(es):
* Previously, the PG was calculated on per pool basis instead of cluster level. With this fix, automatic calculation of PGs is disabled and the Ceph PG calculator is used to calculate the PG values per OSD to keep the cluster in healthy state. (BZ#1366577, BZ#1375538)
* Issuing a command to compact its data store during a rolling upgrade renders the Ceph monitors unresponsive. To avoid this behavior, skip the command to compact the data store during a rolling upgrade. As a result, the Ceph monitors are responsive.(BZ#1372481)
* Rolling upgrade fails when a custom cluster name other than 'ceph' is used and causes the ceph-ansible play to abort. With this fix, include the flags to indicate the cluster name, defaulting to 'ceph' when unspecified and the Ansible playbook succeeds with custom cluster names.(BZ#1373919)
* Previously, pools list in Console displayed incorrect storage utilization and capacity data due to multiple CRUSH hierarchies. With this fix, the pools list in Console displays the correct storage utilization and capacity data.(BZ#1358267)
* Previously, the CPU utilization chart displayed only the user processes CPU utilization and omitted system CPU utilization. With this fix, the CPU utilization chart displays the combined user and system CPU utilization percentage.(BZ#1358461)
* A full-duplex channel is available for communication in both directions simultaneously and hence the effective bandwidth is twice the actual bandwidth. With this update, this has been modified, and the network utilization is now calculated properly.(BZ#1366242)
* In the Host list page, incorrect chart data was displayed in utilization charts. With this fix, the chart displays correct data. (BZ#1358270)
* Previously, Calamari failed to reflect the correct values for OSD status. With this update, the issue has been fixed and the dashboard displays the correct, real time OSD status.(BZ#1359129)
* Previously, the text on the Add Storage tab was confusing due to unclear description regarding the storage type. With this fix, the text has been updated and a short description about the pools and RBDs is provided to ensure there is no ambiguity.(BZ#1365983)
* Previously, while importing a cluster with collocated journals, the journal size used to incorrectly populate in the MongoDB database. With this fix, the journal size and the journal path is displayed correctly in the OSD summary of the Host OSDs tab.(BZ#1365998)
* Previously, the clusters list in the console incorrectly depicted IOPS in units. With this fix, all the IOPS units are removed to correctly show the IOPS in the numeric count.(BZ#1366048)
* While checking the cluster system performance, the selection of any elapsed hour range inappropriately displayed tick marks on both the elapsed hour(s) range. With this fix, the console displays system performance graph with a tick mark only on the selected elapsed hour(s).(BZ#1366081)
* The journal device details did not synchronize as expected during pool creation and importing cluster workflows. This behavior is now fixed to fetch the actual device details for OSD journals and displays as expected in the UI.(BZ#1342969)
All users of Red Hat Storage Console are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Storage Console 2 for Red Hat Enteprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Storage Console is a new Red Hat offering for storage administrators that provides a graphical management platform for Red Hat Ceph Storage 2. Red Hat Storage Console allows users to install, monitor, and manage a Red Hat Ceph Storage cluster.\n\nSecurity Fix(es):\n\n* A flaw was found in the way authentication details were passed between rhscon-ceph and rhscon-core. An authenticated, local attacker could use this flaw to recover the cleartext password. (CVE-2016-7062)\n\nBug Fix(es):\n\n* Previously, the PG was calculated on per pool basis instead of cluster level. With this fix, automatic calculation of PGs is disabled and the Ceph PG calculator is used to calculate the PG values per OSD to keep the cluster in healthy state. (BZ#1366577, BZ#1375538)\n\n* Issuing a command to compact its data store during a rolling upgrade renders the Ceph monitors unresponsive. To avoid this behavior, skip the command to compact the data store during a rolling upgrade. As a result, the Ceph monitors are responsive.(BZ#1372481)\n\n* Rolling upgrade fails when a custom cluster name other than \u0027ceph\u0027 is used and causes the ceph-ansible play to abort. With this fix, include the flags to indicate the cluster name, defaulting to \u0027ceph\u0027 when unspecified and the Ansible playbook succeeds with custom cluster names.(BZ#1373919)\n\n* Previously, pools list in Console displayed incorrect storage utilization and capacity data due to multiple CRUSH hierarchies. With this fix, the pools list in Console displays the correct storage utilization and capacity data.(BZ#1358267)\n\n* Previously, the CPU utilization chart displayed only the user processes CPU utilization and omitted system CPU utilization. With this fix, the CPU utilization chart displays the combined user and system CPU utilization percentage.(BZ#1358461)\n\n* A full-duplex channel is available for communication in both directions simultaneously and hence the effective bandwidth is twice the actual bandwidth. With this update, this has been modified, and the network utilization is now calculated properly.(BZ#1366242)\n\n* In the Host list page, incorrect chart data was displayed in utilization charts. With this fix, the chart displays correct data. (BZ#1358270)\n\n* Previously, Calamari failed to reflect the correct values for OSD status. With this update, the issue has been fixed and the dashboard displays the correct, real time OSD status.(BZ#1359129)\n\n* Previously, the text on the Add Storage tab was confusing due to unclear description regarding the storage type. With this fix, the text has been updated and a short description about the pools and RBDs is provided to ensure there is no ambiguity.(BZ#1365983)\n\n* Previously, while importing a cluster with collocated journals, the journal size used to incorrectly populate in the MongoDB database. With this fix, the journal size and the journal path is displayed correctly in the OSD summary of the Host OSDs tab.(BZ#1365998)\n\n* Previously, the clusters list in the console incorrectly depicted IOPS in units. With this fix, all the IOPS units are removed to correctly show the IOPS in the numeric count.(BZ#1366048)\n\n* While checking the cluster system performance, the selection of any elapsed hour range inappropriately displayed tick marks on both the elapsed hour(s) range. With this fix, the console displays system performance graph with a tick mark only on the selected elapsed hour(s).(BZ#1366081)\n\n* The journal device details did not synchronize as expected during pool creation and importing cluster workflows. This behavior is now fixed to fetch the actual device details for OSD journals and displays as expected in the UI.(BZ#1342969)\n\nAll users of Red Hat Storage Console are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:2082",
"url": "https://access.redhat.com/errata/RHSA-2016:2082"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1342969",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1342969"
},
{
"category": "external",
"summary": "1346379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346379"
},
{
"category": "external",
"summary": "1358267",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358267"
},
{
"category": "external",
"summary": "1358270",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358270"
},
{
"category": "external",
"summary": "1358461",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358461"
},
{
"category": "external",
"summary": "1358832",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358832"
},
{
"category": "external",
"summary": "1359129",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1359129"
},
{
"category": "external",
"summary": "1365983",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365983"
},
{
"category": "external",
"summary": "1365998",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365998"
},
{
"category": "external",
"summary": "1366048",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366048"
},
{
"category": "external",
"summary": "1366081",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366081"
},
{
"category": "external",
"summary": "1366242",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366242"
},
{
"category": "external",
"summary": "1366577",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366577"
},
{
"category": "external",
"summary": "1366620",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366620"
},
{
"category": "external",
"summary": "1371496",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1371496"
},
{
"category": "external",
"summary": "1371848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1371848"
},
{
"category": "external",
"summary": "1372481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372481"
},
{
"category": "external",
"summary": "1373919",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373919"
},
{
"category": "external",
"summary": "1375538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375538"
},
{
"category": "external",
"summary": "1375972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375972"
},
{
"category": "external",
"summary": "1381681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381681"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2082.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Storage Console 2 security and bug fix update",
"tracking": {
"current_release_date": "2024-11-22T10:22:24+00:00",
"generator": {
"date": "2024-11-22T10:22:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2016:2082",
"initial_release_date": "2016-10-19T14:59:44+00:00",
"revision_history": [
{
"date": "2016-10-19T14:59:44+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-04-18T15:29:02+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T10:22:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Storage Console Installer 2",
"product": {
"name": "Red Hat Storage Console Installer 2",
"product_id": "7Server-RH7-RHSCON-INSTALLER-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhscon:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Storage Console Agent 2",
"product": {
"name": "Red Hat Storage Console Agent 2",
"product_id": "7Server-RH7-RHSCON-AGENT-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhscon:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Storage Console Main 2",
"product": {
"name": "Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhscon:2::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Storage Console"
},
{
"branches": [
{
"category": "product_version",
"name": "ceph-installer-0:1.0.15-2.el7scon.noarch",
"product": {
"name": "ceph-installer-0:1.0.15-2.el7scon.noarch",
"product_id": "ceph-installer-0:1.0.15-2.el7scon.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ceph-installer@1.0.15-2.el7scon?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhscon-agent-0:0.0.19-1.el7scon.noarch",
"product": {
"name": "rhscon-agent-0:0.0.19-1.el7scon.noarch",
"product_id": "rhscon-agent-0:0.0.19-1.el7scon.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhscon-agent@0.0.19-1.el7scon?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ceph-ansible-0:1.0.5-34.el7scon.noarch",
"product": {
"name": "ceph-ansible-0:1.0.5-34.el7scon.noarch",
"product_id": "ceph-ansible-0:1.0.5-34.el7scon.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ceph-ansible@1.0.5-34.el7scon?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "salt-selinux-0:0.0.45-1.el7scon.noarch",
"product": {
"name": "salt-selinux-0:0.0.45-1.el7scon.noarch",
"product_id": "salt-selinux-0:0.0.45-1.el7scon.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/salt-selinux@0.0.45-1.el7scon?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
"product": {
"name": "rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
"product_id": "rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhscon-core-selinux@0.0.45-1.el7scon?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "carbon-selinux-0:0.0.45-1.el7scon.noarch",
"product": {
"name": "carbon-selinux-0:0.0.45-1.el7scon.noarch",
"product_id": "carbon-selinux-0:0.0.45-1.el7scon.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/carbon-selinux@0.0.45-1.el7scon?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhscon-ui-0:0.0.60-1.el7scon.noarch",
"product": {
"name": "rhscon-ui-0:0.0.60-1.el7scon.noarch",
"product_id": "rhscon-ui-0:0.0.60-1.el7scon.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhscon-ui@0.0.60-1.el7scon?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "ceph-installer-0:1.0.15-2.el7scon.src",
"product": {
"name": "ceph-installer-0:1.0.15-2.el7scon.src",
"product_id": "ceph-installer-0:1.0.15-2.el7scon.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ceph-installer@1.0.15-2.el7scon?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhscon-agent-0:0.0.19-1.el7scon.src",
"product": {
"name": "rhscon-agent-0:0.0.19-1.el7scon.src",
"product_id": "rhscon-agent-0:0.0.19-1.el7scon.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhscon-agent@0.0.19-1.el7scon?arch=src"
}
}
},
{
"category": "product_version",
"name": "ceph-ansible-0:1.0.5-34.el7scon.src",
"product": {
"name": "ceph-ansible-0:1.0.5-34.el7scon.src",
"product_id": "ceph-ansible-0:1.0.5-34.el7scon.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ceph-ansible@1.0.5-34.el7scon?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhscon-ceph-0:0.0.43-1.el7scon.src",
"product": {
"name": "rhscon-ceph-0:0.0.43-1.el7scon.src",
"product_id": "rhscon-ceph-0:0.0.43-1.el7scon.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhscon-ceph@0.0.43-1.el7scon?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhscon-core-0:0.0.45-1.el7scon.src",
"product": {
"name": "rhscon-core-0:0.0.45-1.el7scon.src",
"product_id": "rhscon-core-0:0.0.45-1.el7scon.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhscon-core@0.0.45-1.el7scon?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhscon-ui-0:0.0.60-1.el7scon.src",
"product": {
"name": "rhscon-ui-0:0.0.60-1.el7scon.src",
"product_id": "rhscon-ui-0:0.0.60-1.el7scon.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhscon-ui@0.0.60-1.el7scon?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rhscon-ceph-0:0.0.43-1.el7scon.x86_64",
"product": {
"name": "rhscon-ceph-0:0.0.43-1.el7scon.x86_64",
"product_id": "rhscon-ceph-0:0.0.43-1.el7scon.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhscon-ceph@0.0.43-1.el7scon?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64",
"product": {
"name": "rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64",
"product_id": "rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhscon-ceph-debuginfo@0.0.43-1.el7scon?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rhscon-core-0:0.0.45-1.el7scon.x86_64",
"product": {
"name": "rhscon-core-0:0.0.45-1.el7scon.x86_64",
"product_id": "rhscon-core-0:0.0.45-1.el7scon.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhscon-core@0.0.45-1.el7scon?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
"product": {
"name": "rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
"product_id": "rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhscon-core-debuginfo@0.0.45-1.el7scon?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "carbon-selinux-0:0.0.45-1.el7scon.noarch as a component of Red Hat Storage Console Agent 2",
"product_id": "7Server-RH7-RHSCON-AGENT-2:carbon-selinux-0:0.0.45-1.el7scon.noarch"
},
"product_reference": "carbon-selinux-0:0.0.45-1.el7scon.noarch",
"relates_to_product_reference": "7Server-RH7-RHSCON-AGENT-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-agent-0:0.0.19-1.el7scon.noarch as a component of Red Hat Storage Console Agent 2",
"product_id": "7Server-RH7-RHSCON-AGENT-2:rhscon-agent-0:0.0.19-1.el7scon.noarch"
},
"product_reference": "rhscon-agent-0:0.0.19-1.el7scon.noarch",
"relates_to_product_reference": "7Server-RH7-RHSCON-AGENT-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-agent-0:0.0.19-1.el7scon.src as a component of Red Hat Storage Console Agent 2",
"product_id": "7Server-RH7-RHSCON-AGENT-2:rhscon-agent-0:0.0.19-1.el7scon.src"
},
"product_reference": "rhscon-agent-0:0.0.19-1.el7scon.src",
"relates_to_product_reference": "7Server-RH7-RHSCON-AGENT-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-core-0:0.0.45-1.el7scon.src as a component of Red Hat Storage Console Agent 2",
"product_id": "7Server-RH7-RHSCON-AGENT-2:rhscon-core-0:0.0.45-1.el7scon.src"
},
"product_reference": "rhscon-core-0:0.0.45-1.el7scon.src",
"relates_to_product_reference": "7Server-RH7-RHSCON-AGENT-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-core-0:0.0.45-1.el7scon.x86_64 as a component of Red Hat Storage Console Agent 2",
"product_id": "7Server-RH7-RHSCON-AGENT-2:rhscon-core-0:0.0.45-1.el7scon.x86_64"
},
"product_reference": "rhscon-core-0:0.0.45-1.el7scon.x86_64",
"relates_to_product_reference": "7Server-RH7-RHSCON-AGENT-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64 as a component of Red Hat Storage Console Agent 2",
"product_id": "7Server-RH7-RHSCON-AGENT-2:rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64"
},
"product_reference": "rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
"relates_to_product_reference": "7Server-RH7-RHSCON-AGENT-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-core-selinux-0:0.0.45-1.el7scon.noarch as a component of Red Hat Storage Console Agent 2",
"product_id": "7Server-RH7-RHSCON-AGENT-2:rhscon-core-selinux-0:0.0.45-1.el7scon.noarch"
},
"product_reference": "rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
"relates_to_product_reference": "7Server-RH7-RHSCON-AGENT-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-selinux-0:0.0.45-1.el7scon.noarch as a component of Red Hat Storage Console Agent 2",
"product_id": "7Server-RH7-RHSCON-AGENT-2:salt-selinux-0:0.0.45-1.el7scon.noarch"
},
"product_reference": "salt-selinux-0:0.0.45-1.el7scon.noarch",
"relates_to_product_reference": "7Server-RH7-RHSCON-AGENT-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ceph-ansible-0:1.0.5-34.el7scon.noarch as a component of Red Hat Storage Console Installer 2",
"product_id": "7Server-RH7-RHSCON-INSTALLER-2:ceph-ansible-0:1.0.5-34.el7scon.noarch"
},
"product_reference": "ceph-ansible-0:1.0.5-34.el7scon.noarch",
"relates_to_product_reference": "7Server-RH7-RHSCON-INSTALLER-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ceph-ansible-0:1.0.5-34.el7scon.src as a component of Red Hat Storage Console Installer 2",
"product_id": "7Server-RH7-RHSCON-INSTALLER-2:ceph-ansible-0:1.0.5-34.el7scon.src"
},
"product_reference": "ceph-ansible-0:1.0.5-34.el7scon.src",
"relates_to_product_reference": "7Server-RH7-RHSCON-INSTALLER-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ceph-installer-0:1.0.15-2.el7scon.noarch as a component of Red Hat Storage Console Installer 2",
"product_id": "7Server-RH7-RHSCON-INSTALLER-2:ceph-installer-0:1.0.15-2.el7scon.noarch"
},
"product_reference": "ceph-installer-0:1.0.15-2.el7scon.noarch",
"relates_to_product_reference": "7Server-RH7-RHSCON-INSTALLER-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ceph-installer-0:1.0.15-2.el7scon.src as a component of Red Hat Storage Console Installer 2",
"product_id": "7Server-RH7-RHSCON-INSTALLER-2:ceph-installer-0:1.0.15-2.el7scon.src"
},
"product_reference": "ceph-installer-0:1.0.15-2.el7scon.src",
"relates_to_product_reference": "7Server-RH7-RHSCON-INSTALLER-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "carbon-selinux-0:0.0.45-1.el7scon.noarch as a component of Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2:carbon-selinux-0:0.0.45-1.el7scon.noarch"
},
"product_reference": "carbon-selinux-0:0.0.45-1.el7scon.noarch",
"relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-ceph-0:0.0.43-1.el7scon.src as a component of Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-0:0.0.43-1.el7scon.src"
},
"product_reference": "rhscon-ceph-0:0.0.43-1.el7scon.src",
"relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-ceph-0:0.0.43-1.el7scon.x86_64 as a component of Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-0:0.0.43-1.el7scon.x86_64"
},
"product_reference": "rhscon-ceph-0:0.0.43-1.el7scon.x86_64",
"relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64 as a component of Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64"
},
"product_reference": "rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64",
"relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-core-0:0.0.45-1.el7scon.src as a component of Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-core-0:0.0.45-1.el7scon.src"
},
"product_reference": "rhscon-core-0:0.0.45-1.el7scon.src",
"relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-core-0:0.0.45-1.el7scon.x86_64 as a component of Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-core-0:0.0.45-1.el7scon.x86_64"
},
"product_reference": "rhscon-core-0:0.0.45-1.el7scon.x86_64",
"relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64 as a component of Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64"
},
"product_reference": "rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
"relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-core-selinux-0:0.0.45-1.el7scon.noarch as a component of Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-core-selinux-0:0.0.45-1.el7scon.noarch"
},
"product_reference": "rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
"relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-ui-0:0.0.60-1.el7scon.noarch as a component of Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-ui-0:0.0.60-1.el7scon.noarch"
},
"product_reference": "rhscon-ui-0:0.0.60-1.el7scon.noarch",
"relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-ui-0:0.0.60-1.el7scon.src as a component of Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-ui-0:0.0.60-1.el7scon.src"
},
"product_reference": "rhscon-ui-0:0.0.60-1.el7scon.src",
"relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-selinux-0:0.0.45-1.el7scon.noarch as a component of Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2:salt-selinux-0:0.0.45-1.el7scon.noarch"
},
"product_reference": "salt-selinux-0:0.0.45-1.el7scon.noarch",
"relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-7062",
"cwe": {
"id": "CWE-214",
"name": "Invocation of Process Using Visible Sensitive Information"
},
"discovery_date": "2016-09-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1381681"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way authentication details were passed between rhscon-ceph and rhscon-core. An authenticated, local attacker could use this flaw to recover the cleartext password.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rhscon-ceph: password leak by command line parameter",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHSCON-AGENT-2:carbon-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-AGENT-2:rhscon-agent-0:0.0.19-1.el7scon.noarch",
"7Server-RH7-RHSCON-AGENT-2:rhscon-agent-0:0.0.19-1.el7scon.src",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-0:0.0.45-1.el7scon.src",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-AGENT-2:salt-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-ansible-0:1.0.5-34.el7scon.noarch",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-ansible-0:1.0.5-34.el7scon.src",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-installer-0:1.0.15-2.el7scon.noarch",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-installer-0:1.0.15-2.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:carbon-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-0:0.0.43-1.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-0:0.0.43-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-0:0.0.45-1.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ui-0:0.0.60-1.el7scon.noarch",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ui-0:0.0.60-1.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:salt-selinux-0:0.0.45-1.el7scon.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-7062"
},
{
"category": "external",
"summary": "RHBZ#1381681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381681"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-7062",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7062"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-7062",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7062"
}
],
"release_date": "2016-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-19T14:59:44+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHSCON-AGENT-2:carbon-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-AGENT-2:rhscon-agent-0:0.0.19-1.el7scon.noarch",
"7Server-RH7-RHSCON-AGENT-2:rhscon-agent-0:0.0.19-1.el7scon.src",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-0:0.0.45-1.el7scon.src",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-AGENT-2:salt-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-ansible-0:1.0.5-34.el7scon.noarch",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-ansible-0:1.0.5-34.el7scon.src",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-installer-0:1.0.15-2.el7scon.noarch",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-installer-0:1.0.15-2.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:carbon-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-0:0.0.43-1.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-0:0.0.43-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-0:0.0.45-1.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ui-0:0.0.60-1.el7scon.noarch",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ui-0:0.0.60-1.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:salt-selinux-0:0.0.45-1.el7scon.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2082"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-RH7-RHSCON-AGENT-2:carbon-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-AGENT-2:rhscon-agent-0:0.0.19-1.el7scon.noarch",
"7Server-RH7-RHSCON-AGENT-2:rhscon-agent-0:0.0.19-1.el7scon.src",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-0:0.0.45-1.el7scon.src",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-AGENT-2:salt-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-ansible-0:1.0.5-34.el7scon.noarch",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-ansible-0:1.0.5-34.el7scon.src",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-installer-0:1.0.15-2.el7scon.noarch",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-installer-0:1.0.15-2.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:carbon-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-0:0.0.43-1.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-0:0.0.43-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-0:0.0.45-1.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ui-0:0.0.60-1.el7scon.noarch",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ui-0:0.0.60-1.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:salt-selinux-0:0.0.45-1.el7scon.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rhscon-ceph: password leak by command line parameter"
}
]
}
rhsa-2016:2082
Vulnerability from csaf_redhat
Published
2016-10-19 14:59
Modified
2024-11-22 10:22
Summary
Red Hat Security Advisory: Red Hat Storage Console 2 security and bug fix update
Notes
Topic
An update is now available for Red Hat Storage Console 2 for Red Hat Enteprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Storage Console is a new Red Hat offering for storage administrators that provides a graphical management platform for Red Hat Ceph Storage 2. Red Hat Storage Console allows users to install, monitor, and manage a Red Hat Ceph Storage cluster.
Security Fix(es):
* A flaw was found in the way authentication details were passed between rhscon-ceph and rhscon-core. An authenticated, local attacker could use this flaw to recover the cleartext password. (CVE-2016-7062)
Bug Fix(es):
* Previously, the PG was calculated on per pool basis instead of cluster level. With this fix, automatic calculation of PGs is disabled and the Ceph PG calculator is used to calculate the PG values per OSD to keep the cluster in healthy state. (BZ#1366577, BZ#1375538)
* Issuing a command to compact its data store during a rolling upgrade renders the Ceph monitors unresponsive. To avoid this behavior, skip the command to compact the data store during a rolling upgrade. As a result, the Ceph monitors are responsive.(BZ#1372481)
* Rolling upgrade fails when a custom cluster name other than 'ceph' is used and causes the ceph-ansible play to abort. With this fix, include the flags to indicate the cluster name, defaulting to 'ceph' when unspecified and the Ansible playbook succeeds with custom cluster names.(BZ#1373919)
* Previously, pools list in Console displayed incorrect storage utilization and capacity data due to multiple CRUSH hierarchies. With this fix, the pools list in Console displays the correct storage utilization and capacity data.(BZ#1358267)
* Previously, the CPU utilization chart displayed only the user processes CPU utilization and omitted system CPU utilization. With this fix, the CPU utilization chart displays the combined user and system CPU utilization percentage.(BZ#1358461)
* A full-duplex channel is available for communication in both directions simultaneously and hence the effective bandwidth is twice the actual bandwidth. With this update, this has been modified, and the network utilization is now calculated properly.(BZ#1366242)
* In the Host list page, incorrect chart data was displayed in utilization charts. With this fix, the chart displays correct data. (BZ#1358270)
* Previously, Calamari failed to reflect the correct values for OSD status. With this update, the issue has been fixed and the dashboard displays the correct, real time OSD status.(BZ#1359129)
* Previously, the text on the Add Storage tab was confusing due to unclear description regarding the storage type. With this fix, the text has been updated and a short description about the pools and RBDs is provided to ensure there is no ambiguity.(BZ#1365983)
* Previously, while importing a cluster with collocated journals, the journal size used to incorrectly populate in the MongoDB database. With this fix, the journal size and the journal path is displayed correctly in the OSD summary of the Host OSDs tab.(BZ#1365998)
* Previously, the clusters list in the console incorrectly depicted IOPS in units. With this fix, all the IOPS units are removed to correctly show the IOPS in the numeric count.(BZ#1366048)
* While checking the cluster system performance, the selection of any elapsed hour range inappropriately displayed tick marks on both the elapsed hour(s) range. With this fix, the console displays system performance graph with a tick mark only on the selected elapsed hour(s).(BZ#1366081)
* The journal device details did not synchronize as expected during pool creation and importing cluster workflows. This behavior is now fixed to fetch the actual device details for OSD journals and displays as expected in the UI.(BZ#1342969)
All users of Red Hat Storage Console are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Storage Console 2 for Red Hat Enteprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Storage Console is a new Red Hat offering for storage administrators that provides a graphical management platform for Red Hat Ceph Storage 2. Red Hat Storage Console allows users to install, monitor, and manage a Red Hat Ceph Storage cluster.\n\nSecurity Fix(es):\n\n* A flaw was found in the way authentication details were passed between rhscon-ceph and rhscon-core. An authenticated, local attacker could use this flaw to recover the cleartext password. (CVE-2016-7062)\n\nBug Fix(es):\n\n* Previously, the PG was calculated on per pool basis instead of cluster level. With this fix, automatic calculation of PGs is disabled and the Ceph PG calculator is used to calculate the PG values per OSD to keep the cluster in healthy state. (BZ#1366577, BZ#1375538)\n\n* Issuing a command to compact its data store during a rolling upgrade renders the Ceph monitors unresponsive. To avoid this behavior, skip the command to compact the data store during a rolling upgrade. As a result, the Ceph monitors are responsive.(BZ#1372481)\n\n* Rolling upgrade fails when a custom cluster name other than \u0027ceph\u0027 is used and causes the ceph-ansible play to abort. With this fix, include the flags to indicate the cluster name, defaulting to \u0027ceph\u0027 when unspecified and the Ansible playbook succeeds with custom cluster names.(BZ#1373919)\n\n* Previously, pools list in Console displayed incorrect storage utilization and capacity data due to multiple CRUSH hierarchies. With this fix, the pools list in Console displays the correct storage utilization and capacity data.(BZ#1358267)\n\n* Previously, the CPU utilization chart displayed only the user processes CPU utilization and omitted system CPU utilization. With this fix, the CPU utilization chart displays the combined user and system CPU utilization percentage.(BZ#1358461)\n\n* A full-duplex channel is available for communication in both directions simultaneously and hence the effective bandwidth is twice the actual bandwidth. With this update, this has been modified, and the network utilization is now calculated properly.(BZ#1366242)\n\n* In the Host list page, incorrect chart data was displayed in utilization charts. With this fix, the chart displays correct data. (BZ#1358270)\n\n* Previously, Calamari failed to reflect the correct values for OSD status. With this update, the issue has been fixed and the dashboard displays the correct, real time OSD status.(BZ#1359129)\n\n* Previously, the text on the Add Storage tab was confusing due to unclear description regarding the storage type. With this fix, the text has been updated and a short description about the pools and RBDs is provided to ensure there is no ambiguity.(BZ#1365983)\n\n* Previously, while importing a cluster with collocated journals, the journal size used to incorrectly populate in the MongoDB database. With this fix, the journal size and the journal path is displayed correctly in the OSD summary of the Host OSDs tab.(BZ#1365998)\n\n* Previously, the clusters list in the console incorrectly depicted IOPS in units. With this fix, all the IOPS units are removed to correctly show the IOPS in the numeric count.(BZ#1366048)\n\n* While checking the cluster system performance, the selection of any elapsed hour range inappropriately displayed tick marks on both the elapsed hour(s) range. With this fix, the console displays system performance graph with a tick mark only on the selected elapsed hour(s).(BZ#1366081)\n\n* The journal device details did not synchronize as expected during pool creation and importing cluster workflows. This behavior is now fixed to fetch the actual device details for OSD journals and displays as expected in the UI.(BZ#1342969)\n\nAll users of Red Hat Storage Console are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:2082",
"url": "https://access.redhat.com/errata/RHSA-2016:2082"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1342969",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1342969"
},
{
"category": "external",
"summary": "1346379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346379"
},
{
"category": "external",
"summary": "1358267",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358267"
},
{
"category": "external",
"summary": "1358270",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358270"
},
{
"category": "external",
"summary": "1358461",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358461"
},
{
"category": "external",
"summary": "1358832",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358832"
},
{
"category": "external",
"summary": "1359129",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1359129"
},
{
"category": "external",
"summary": "1365983",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365983"
},
{
"category": "external",
"summary": "1365998",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365998"
},
{
"category": "external",
"summary": "1366048",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366048"
},
{
"category": "external",
"summary": "1366081",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366081"
},
{
"category": "external",
"summary": "1366242",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366242"
},
{
"category": "external",
"summary": "1366577",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366577"
},
{
"category": "external",
"summary": "1366620",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366620"
},
{
"category": "external",
"summary": "1371496",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1371496"
},
{
"category": "external",
"summary": "1371848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1371848"
},
{
"category": "external",
"summary": "1372481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372481"
},
{
"category": "external",
"summary": "1373919",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373919"
},
{
"category": "external",
"summary": "1375538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375538"
},
{
"category": "external",
"summary": "1375972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375972"
},
{
"category": "external",
"summary": "1381681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381681"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2082.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Storage Console 2 security and bug fix update",
"tracking": {
"current_release_date": "2024-11-22T10:22:24+00:00",
"generator": {
"date": "2024-11-22T10:22:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2016:2082",
"initial_release_date": "2016-10-19T14:59:44+00:00",
"revision_history": [
{
"date": "2016-10-19T14:59:44+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-04-18T15:29:02+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T10:22:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Storage Console Installer 2",
"product": {
"name": "Red Hat Storage Console Installer 2",
"product_id": "7Server-RH7-RHSCON-INSTALLER-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhscon:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Storage Console Agent 2",
"product": {
"name": "Red Hat Storage Console Agent 2",
"product_id": "7Server-RH7-RHSCON-AGENT-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhscon:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Storage Console Main 2",
"product": {
"name": "Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhscon:2::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Storage Console"
},
{
"branches": [
{
"category": "product_version",
"name": "ceph-installer-0:1.0.15-2.el7scon.noarch",
"product": {
"name": "ceph-installer-0:1.0.15-2.el7scon.noarch",
"product_id": "ceph-installer-0:1.0.15-2.el7scon.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ceph-installer@1.0.15-2.el7scon?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhscon-agent-0:0.0.19-1.el7scon.noarch",
"product": {
"name": "rhscon-agent-0:0.0.19-1.el7scon.noarch",
"product_id": "rhscon-agent-0:0.0.19-1.el7scon.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhscon-agent@0.0.19-1.el7scon?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ceph-ansible-0:1.0.5-34.el7scon.noarch",
"product": {
"name": "ceph-ansible-0:1.0.5-34.el7scon.noarch",
"product_id": "ceph-ansible-0:1.0.5-34.el7scon.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ceph-ansible@1.0.5-34.el7scon?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "salt-selinux-0:0.0.45-1.el7scon.noarch",
"product": {
"name": "salt-selinux-0:0.0.45-1.el7scon.noarch",
"product_id": "salt-selinux-0:0.0.45-1.el7scon.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/salt-selinux@0.0.45-1.el7scon?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
"product": {
"name": "rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
"product_id": "rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhscon-core-selinux@0.0.45-1.el7scon?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "carbon-selinux-0:0.0.45-1.el7scon.noarch",
"product": {
"name": "carbon-selinux-0:0.0.45-1.el7scon.noarch",
"product_id": "carbon-selinux-0:0.0.45-1.el7scon.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/carbon-selinux@0.0.45-1.el7scon?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhscon-ui-0:0.0.60-1.el7scon.noarch",
"product": {
"name": "rhscon-ui-0:0.0.60-1.el7scon.noarch",
"product_id": "rhscon-ui-0:0.0.60-1.el7scon.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhscon-ui@0.0.60-1.el7scon?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "ceph-installer-0:1.0.15-2.el7scon.src",
"product": {
"name": "ceph-installer-0:1.0.15-2.el7scon.src",
"product_id": "ceph-installer-0:1.0.15-2.el7scon.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ceph-installer@1.0.15-2.el7scon?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhscon-agent-0:0.0.19-1.el7scon.src",
"product": {
"name": "rhscon-agent-0:0.0.19-1.el7scon.src",
"product_id": "rhscon-agent-0:0.0.19-1.el7scon.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhscon-agent@0.0.19-1.el7scon?arch=src"
}
}
},
{
"category": "product_version",
"name": "ceph-ansible-0:1.0.5-34.el7scon.src",
"product": {
"name": "ceph-ansible-0:1.0.5-34.el7scon.src",
"product_id": "ceph-ansible-0:1.0.5-34.el7scon.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ceph-ansible@1.0.5-34.el7scon?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhscon-ceph-0:0.0.43-1.el7scon.src",
"product": {
"name": "rhscon-ceph-0:0.0.43-1.el7scon.src",
"product_id": "rhscon-ceph-0:0.0.43-1.el7scon.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhscon-ceph@0.0.43-1.el7scon?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhscon-core-0:0.0.45-1.el7scon.src",
"product": {
"name": "rhscon-core-0:0.0.45-1.el7scon.src",
"product_id": "rhscon-core-0:0.0.45-1.el7scon.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhscon-core@0.0.45-1.el7scon?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhscon-ui-0:0.0.60-1.el7scon.src",
"product": {
"name": "rhscon-ui-0:0.0.60-1.el7scon.src",
"product_id": "rhscon-ui-0:0.0.60-1.el7scon.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhscon-ui@0.0.60-1.el7scon?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rhscon-ceph-0:0.0.43-1.el7scon.x86_64",
"product": {
"name": "rhscon-ceph-0:0.0.43-1.el7scon.x86_64",
"product_id": "rhscon-ceph-0:0.0.43-1.el7scon.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhscon-ceph@0.0.43-1.el7scon?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64",
"product": {
"name": "rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64",
"product_id": "rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhscon-ceph-debuginfo@0.0.43-1.el7scon?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rhscon-core-0:0.0.45-1.el7scon.x86_64",
"product": {
"name": "rhscon-core-0:0.0.45-1.el7scon.x86_64",
"product_id": "rhscon-core-0:0.0.45-1.el7scon.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhscon-core@0.0.45-1.el7scon?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
"product": {
"name": "rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
"product_id": "rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhscon-core-debuginfo@0.0.45-1.el7scon?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "carbon-selinux-0:0.0.45-1.el7scon.noarch as a component of Red Hat Storage Console Agent 2",
"product_id": "7Server-RH7-RHSCON-AGENT-2:carbon-selinux-0:0.0.45-1.el7scon.noarch"
},
"product_reference": "carbon-selinux-0:0.0.45-1.el7scon.noarch",
"relates_to_product_reference": "7Server-RH7-RHSCON-AGENT-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-agent-0:0.0.19-1.el7scon.noarch as a component of Red Hat Storage Console Agent 2",
"product_id": "7Server-RH7-RHSCON-AGENT-2:rhscon-agent-0:0.0.19-1.el7scon.noarch"
},
"product_reference": "rhscon-agent-0:0.0.19-1.el7scon.noarch",
"relates_to_product_reference": "7Server-RH7-RHSCON-AGENT-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-agent-0:0.0.19-1.el7scon.src as a component of Red Hat Storage Console Agent 2",
"product_id": "7Server-RH7-RHSCON-AGENT-2:rhscon-agent-0:0.0.19-1.el7scon.src"
},
"product_reference": "rhscon-agent-0:0.0.19-1.el7scon.src",
"relates_to_product_reference": "7Server-RH7-RHSCON-AGENT-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-core-0:0.0.45-1.el7scon.src as a component of Red Hat Storage Console Agent 2",
"product_id": "7Server-RH7-RHSCON-AGENT-2:rhscon-core-0:0.0.45-1.el7scon.src"
},
"product_reference": "rhscon-core-0:0.0.45-1.el7scon.src",
"relates_to_product_reference": "7Server-RH7-RHSCON-AGENT-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-core-0:0.0.45-1.el7scon.x86_64 as a component of Red Hat Storage Console Agent 2",
"product_id": "7Server-RH7-RHSCON-AGENT-2:rhscon-core-0:0.0.45-1.el7scon.x86_64"
},
"product_reference": "rhscon-core-0:0.0.45-1.el7scon.x86_64",
"relates_to_product_reference": "7Server-RH7-RHSCON-AGENT-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64 as a component of Red Hat Storage Console Agent 2",
"product_id": "7Server-RH7-RHSCON-AGENT-2:rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64"
},
"product_reference": "rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
"relates_to_product_reference": "7Server-RH7-RHSCON-AGENT-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-core-selinux-0:0.0.45-1.el7scon.noarch as a component of Red Hat Storage Console Agent 2",
"product_id": "7Server-RH7-RHSCON-AGENT-2:rhscon-core-selinux-0:0.0.45-1.el7scon.noarch"
},
"product_reference": "rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
"relates_to_product_reference": "7Server-RH7-RHSCON-AGENT-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-selinux-0:0.0.45-1.el7scon.noarch as a component of Red Hat Storage Console Agent 2",
"product_id": "7Server-RH7-RHSCON-AGENT-2:salt-selinux-0:0.0.45-1.el7scon.noarch"
},
"product_reference": "salt-selinux-0:0.0.45-1.el7scon.noarch",
"relates_to_product_reference": "7Server-RH7-RHSCON-AGENT-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ceph-ansible-0:1.0.5-34.el7scon.noarch as a component of Red Hat Storage Console Installer 2",
"product_id": "7Server-RH7-RHSCON-INSTALLER-2:ceph-ansible-0:1.0.5-34.el7scon.noarch"
},
"product_reference": "ceph-ansible-0:1.0.5-34.el7scon.noarch",
"relates_to_product_reference": "7Server-RH7-RHSCON-INSTALLER-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ceph-ansible-0:1.0.5-34.el7scon.src as a component of Red Hat Storage Console Installer 2",
"product_id": "7Server-RH7-RHSCON-INSTALLER-2:ceph-ansible-0:1.0.5-34.el7scon.src"
},
"product_reference": "ceph-ansible-0:1.0.5-34.el7scon.src",
"relates_to_product_reference": "7Server-RH7-RHSCON-INSTALLER-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ceph-installer-0:1.0.15-2.el7scon.noarch as a component of Red Hat Storage Console Installer 2",
"product_id": "7Server-RH7-RHSCON-INSTALLER-2:ceph-installer-0:1.0.15-2.el7scon.noarch"
},
"product_reference": "ceph-installer-0:1.0.15-2.el7scon.noarch",
"relates_to_product_reference": "7Server-RH7-RHSCON-INSTALLER-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ceph-installer-0:1.0.15-2.el7scon.src as a component of Red Hat Storage Console Installer 2",
"product_id": "7Server-RH7-RHSCON-INSTALLER-2:ceph-installer-0:1.0.15-2.el7scon.src"
},
"product_reference": "ceph-installer-0:1.0.15-2.el7scon.src",
"relates_to_product_reference": "7Server-RH7-RHSCON-INSTALLER-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "carbon-selinux-0:0.0.45-1.el7scon.noarch as a component of Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2:carbon-selinux-0:0.0.45-1.el7scon.noarch"
},
"product_reference": "carbon-selinux-0:0.0.45-1.el7scon.noarch",
"relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-ceph-0:0.0.43-1.el7scon.src as a component of Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-0:0.0.43-1.el7scon.src"
},
"product_reference": "rhscon-ceph-0:0.0.43-1.el7scon.src",
"relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-ceph-0:0.0.43-1.el7scon.x86_64 as a component of Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-0:0.0.43-1.el7scon.x86_64"
},
"product_reference": "rhscon-ceph-0:0.0.43-1.el7scon.x86_64",
"relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64 as a component of Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64"
},
"product_reference": "rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64",
"relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-core-0:0.0.45-1.el7scon.src as a component of Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-core-0:0.0.45-1.el7scon.src"
},
"product_reference": "rhscon-core-0:0.0.45-1.el7scon.src",
"relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-core-0:0.0.45-1.el7scon.x86_64 as a component of Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-core-0:0.0.45-1.el7scon.x86_64"
},
"product_reference": "rhscon-core-0:0.0.45-1.el7scon.x86_64",
"relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64 as a component of Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64"
},
"product_reference": "rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
"relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-core-selinux-0:0.0.45-1.el7scon.noarch as a component of Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-core-selinux-0:0.0.45-1.el7scon.noarch"
},
"product_reference": "rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
"relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-ui-0:0.0.60-1.el7scon.noarch as a component of Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-ui-0:0.0.60-1.el7scon.noarch"
},
"product_reference": "rhscon-ui-0:0.0.60-1.el7scon.noarch",
"relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhscon-ui-0:0.0.60-1.el7scon.src as a component of Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-ui-0:0.0.60-1.el7scon.src"
},
"product_reference": "rhscon-ui-0:0.0.60-1.el7scon.src",
"relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-selinux-0:0.0.45-1.el7scon.noarch as a component of Red Hat Storage Console Main 2",
"product_id": "7Server-RH7-RHSCON-MAIN-2:salt-selinux-0:0.0.45-1.el7scon.noarch"
},
"product_reference": "salt-selinux-0:0.0.45-1.el7scon.noarch",
"relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-7062",
"cwe": {
"id": "CWE-214",
"name": "Invocation of Process Using Visible Sensitive Information"
},
"discovery_date": "2016-09-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1381681"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way authentication details were passed between rhscon-ceph and rhscon-core. An authenticated, local attacker could use this flaw to recover the cleartext password.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rhscon-ceph: password leak by command line parameter",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHSCON-AGENT-2:carbon-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-AGENT-2:rhscon-agent-0:0.0.19-1.el7scon.noarch",
"7Server-RH7-RHSCON-AGENT-2:rhscon-agent-0:0.0.19-1.el7scon.src",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-0:0.0.45-1.el7scon.src",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-AGENT-2:salt-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-ansible-0:1.0.5-34.el7scon.noarch",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-ansible-0:1.0.5-34.el7scon.src",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-installer-0:1.0.15-2.el7scon.noarch",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-installer-0:1.0.15-2.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:carbon-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-0:0.0.43-1.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-0:0.0.43-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-0:0.0.45-1.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ui-0:0.0.60-1.el7scon.noarch",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ui-0:0.0.60-1.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:salt-selinux-0:0.0.45-1.el7scon.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-7062"
},
{
"category": "external",
"summary": "RHBZ#1381681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381681"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-7062",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7062"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-7062",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7062"
}
],
"release_date": "2016-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-19T14:59:44+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHSCON-AGENT-2:carbon-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-AGENT-2:rhscon-agent-0:0.0.19-1.el7scon.noarch",
"7Server-RH7-RHSCON-AGENT-2:rhscon-agent-0:0.0.19-1.el7scon.src",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-0:0.0.45-1.el7scon.src",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-AGENT-2:salt-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-ansible-0:1.0.5-34.el7scon.noarch",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-ansible-0:1.0.5-34.el7scon.src",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-installer-0:1.0.15-2.el7scon.noarch",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-installer-0:1.0.15-2.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:carbon-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-0:0.0.43-1.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-0:0.0.43-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-0:0.0.45-1.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ui-0:0.0.60-1.el7scon.noarch",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ui-0:0.0.60-1.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:salt-selinux-0:0.0.45-1.el7scon.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2082"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-RH7-RHSCON-AGENT-2:carbon-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-AGENT-2:rhscon-agent-0:0.0.19-1.el7scon.noarch",
"7Server-RH7-RHSCON-AGENT-2:rhscon-agent-0:0.0.19-1.el7scon.src",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-0:0.0.45-1.el7scon.src",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-AGENT-2:rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-AGENT-2:salt-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-ansible-0:1.0.5-34.el7scon.noarch",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-ansible-0:1.0.5-34.el7scon.src",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-installer-0:1.0.15-2.el7scon.noarch",
"7Server-RH7-RHSCON-INSTALLER-2:ceph-installer-0:1.0.15-2.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:carbon-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-0:0.0.43-1.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-0:0.0.43-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-0:0.0.45-1.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
"7Server-RH7-RHSCON-MAIN-2:rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ui-0:0.0.60-1.el7scon.noarch",
"7Server-RH7-RHSCON-MAIN-2:rhscon-ui-0:0.0.60-1.el7scon.src",
"7Server-RH7-RHSCON-MAIN-2:salt-selinux-0:0.0.45-1.el7scon.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rhscon-ceph: password leak by command line parameter"
}
]
}
ghsa-5wqw-hj4w-m539
Vulnerability from github
Published
2022-05-17 02:36
Modified
2022-05-17 02:36
Severity ?
Details
rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.
{
"affected": [],
"aliases": [
"CVE-2016-7062"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-27T20:29:00Z",
"severity": "HIGH"
},
"details": "rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.",
"id": "GHSA-5wqw-hj4w-m539",
"modified": "2022-05-17T02:36:11Z",
"published": "2022-05-17T02:36:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7062"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2016:2082"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381681"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/93796"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037062"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.