Kotresh Hr

**Name of the Vulnerable Software and Affected Versions** Openstack manilla versions prior to RHCS 5.2 and Ceph 17.2.2 **Description** A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. **Recommendations** For Openstack manilla versions prior to RHCS 5.2, update to RHCS 5.2 or later to resolve the issue. For Ceph versions prior to 17.2.2, update to Ceph 17.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "volumes" plugin in Ceph Manager to minimize the risk of exploitation.