Venky Shankar

Name of the Vulnerable Software and Affected Versions: Ceph versions 17.2.7, 18.2.1 through 18.2.4, 19.0.0 through 19.2.2 Description: Ceph is a distributed object, block, and file storage platform. An unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by changing the permissions of a directory owned by root. This allows the user to read, write, and execute any directory owned by root, impacting confidentiality, integrity, and availability. Recommendations: For version 17.2.7, update to version 17.2.8. For versions 18.2.1 through 18.2.4, update to version 18.2.5. For versions 19.0.0 through 19.2.2, update to version 19.2.3.