CVE-2020-1759
MEDIUMRed Hat Ceph Storage 4-Red Hat Openshift Container Storage 4.2 - Co...
Title source: llmDescription
A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks.
References (3)
Core 3
Core References
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1759
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202105-39
Scores
CVSS v3
6.4
EPSS
0.0137
EPSS Percentile
68.3%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Details
CWE
CWE-330
CWE-323
Status
published
Products (5)
fedoraproject/fedora
31
linuxfoundation/ceph
< 14.2.21
redhat/ceph_storage
4.0
redhat/openshift
4.2
redhat/openstack
15
Published
Apr 13, 2020
Tracked Since
Feb 18, 2026