CVE-2020-1759 MEDIUM

CVE-2020-1759

Vendor The Ceph Project
Product ceph
Weakness CWE-323
Published April 13, 2020
Last update August 4, 2024

CVSS base score

6.4/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks.

Key dates

02Disclosure timeline

April 13, 2020 CVE published
August 4, 2024 Record updated