A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ceph_storage | Redhat | 3.0 (including) | 3.0 (including) |
| Ceph_storage | Redhat | 4.3 (including) | 4.3 (including) |
| Ceph_storage | Redhat | 5.1 (including) | 5.1 (including) |
| Openshift_container_storage | Redhat | 4.0 (including) | 4.0 (including) |
| Openshift_data_foundation | Redhat | 4.0 (including) | 4.0 (including) |
| Openstack_platform | Redhat | 13.0 (including) | 13.0 (including) |
| Ceph_storage_for_ibm_z_systems | Redhat | 4.0 (including) | 4.0 (including) |
| Ceph | Ubuntu | bionic | * |
| Ceph | Ubuntu | focal | * |
| Ceph | Ubuntu | hirsute | * |
| Ceph | Ubuntu | impish | * |
| Ceph | Ubuntu | trusty | * |
| Ceph | Ubuntu | upstream | * |
| Ceph | Ubuntu | xenial | * |
| Red Hat Ceph Storage 4.3 | RedHat | ceph-2:14.2.22-110.el7cp | * |
| Red Hat Ceph Storage 5.1 | RedHat | ceph-2:16.2.7-98.el8cp | * |