← Back

CVE-2020-1759

nvd nist
Published: Apr 13, 2020Modified: Nov 21, 2024

JSON object

Loading...
6.8
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Exploitability: 1.6 / Impact: 5.2
Source: NVD

Description

A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks.

Affected (5)

Redhat
3 products
Ceph Storage
Openshift
Openstack
Linuxfoundation
1 product
Ceph
Fedoraproject
1 product
Fedora
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Ceph Storage
Version 4.0
Openshift
Version 4.2
Openstack
Version 15
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Ceph
Before 14.2.21
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Fedora
Version 31

Related CWEs

CWE-323
Reusing a Nonce, Key Pair in Encryption
Nonces should be used for the present occasion and only once.
CWE-330
Use of Insufficiently Random Values
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

References (6)

Source: secalert@redhat.com
Issue TrackingPatchVendor Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.