CVE-2021-3979

Published Aug 25, 2022

Last updated a year ago

CVSS medium 6.5

Overview

Description: A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 2.5
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-287
secalert@redhat.com: CWE-327

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "516F4E8E-ED2F-4282-9DAB-D8B378F61258"
          },
          {
            "criteria": "cpe:2.3:a:redhat:ceph_storage:4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "634F0044-B81C-4EE4-A27A-24B5DF857D35"
          },
          {
            "criteria": "cpe:2.3:a:redhat:ceph_storage:5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7EA89296-A701-46DA-BE5D-1FAAC2789D9B"
          },
          {
            "criteria": "cpe:2.3:a:redhat:openshift_container_storage:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6FB187A4-F3A6-4993-AEF2-7808F1485EE2"
          },
          {
            "criteria": "cpe:2.3:a:redhat:openshift_data_foundation:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E2C021C-A9F0-4EB4-ADED-81D8B57B4563"
          },
          {
            "criteria": "cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C52600BF-9E87-4CD2-91F3-685AFE478C1E"
          },
          {
            "criteria": "cpe:2.3:o:redhat:ceph_storage_for_ibm_z_systems:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F26352C-A305-4A68-B9D8-367B440F6F62"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:ceph_storage:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6E54096-5D45-4CB2-AC9A-DDB55BF2B94C"
          },
          {
            "criteria": "cpe:2.3:a:redhat:ceph_storage:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E37E1B3-6F68-4502-85D6-68333643BDFF"
          },
          {
            "criteria": "cpe:2.3:a:redhat:ceph_storage_for_power:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "178E0094-2ACA-4BDF-A83C-965CF856D41D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:ceph_storage:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6E54096-5D45-4CB2-AC9A-DDB55BF2B94C"
          },
          {
            "criteria": "cpe:2.3:a:redhat:ceph_storage:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E37E1B3-6F68-4502-85D6-68333643BDFF"
          },
          {
            "criteria": "cpe:2.3:a:redhat:ceph_storage_for_power:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "178E0094-2ACA-4BDF-A83C-965CF856D41D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References