A vulnerability was found that allows an OpenStack manilla user/tenant (owner of a Ceph File System "share") to access (read/write) any manilla share and even have read/write access to an entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager.
Removed OSD from affects.
Created ceph tracking bugs for this issue:
Affects: fedora-all [bug 2110017]
FEDORA-2022-6d129f14f2 has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.
This issue has been addressed in the following products:
Red Hat Ceph Storage 5.2
Via RHSA-2022:5997 https://access.redhat.com/errata/RHSA-2022:5997
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):