PT-2020-15040 · Red Hat+2 · Red Hat Openshift Container Storage+3

Marian Rehak

·

Published

2020-04-06

·

Updated

2026-03-20

·

CVE-2020-1759

CVSS v3.1

6.4

Medium

VectorAV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions Red Hat Ceph Storage version 4 Red Hat Openshift Container Storage version 4.2
Description A nonce reuse issue was discovered in the secure mode of the messenger v2 protocol. This allows an attacker to forge auth tags and potentially manipulate data by reusing a nonce in a session. Messages encrypted with a reused nonce value are susceptible to serious confidentiality and integrity attacks.
Recommendations For Red Hat Ceph Storage version 4, update to a version that addresses the nonce reuse vulnerability in the messenger v2 protocol. For Red Hat Openshift Container Storage version 4.2, update to a version that addresses the nonce reuse vulnerability in the messenger v2 protocol. As a temporary workaround, consider restricting the use of the secure mode of the messenger v2 protocol until a patch is available.

Fix

Use of Insufficiently Random Values

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-323CWE-330

Related Identifiers

ALT-PU-2020-1757
ALT-PU-2020-1769
ALT-PU-2020-2845
ALT-PU-2021-1830
ALT-PU-2021-2332
BIT-CEPH-2020-1759
CVE-2020-1759
OPENSUSE-SU-2020:0494-1
OPENSUSE-SU-2020_0494-1
OPENSUSE-SU-2024:10676-1
SUSE-SU-2020:0930-1
SUSE-SU-2020_0930-1

Affected Products

Alt Linux
Red Hat Ceph Storage
Red Hat Openshift Container Storage
Suse