From 52971eb9ac65a25e1bb79e7587de5a51900261d3 Mon Sep 17 00:00:00 2001 From: Zac Dover Date: Tue, 11 Oct 2022 14:36:10 +1000 Subject: [PATCH] doc/security: improve grammar in CVE-2022-0670.rst This commit accepts the suggestions made by Cole Mitchell in https://github.com/ceph/ceph/pull/48404. Signed-off-by: Zac Dover --- doc/security/CVE-2022-0670.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/security/CVE-2022-0670.rst b/doc/security/CVE-2022-0670.rst index 54ebb7f907cb..f2b90de2e10d 100644 --- a/doc/security/CVE-2022-0670.rst +++ b/doc/security/CVE-2022-0670.rst @@ -6,17 +6,17 @@ CVE-2022-0670: Native-CephFS Manila Path-restriction bypass Summary ------- -Users who were running OpenStack Manila to export native CephFS, who +Users who were running OpenStack Manila to export native CephFS and who upgraded their Ceph cluster from Nautilus (or earlier) to a later -major version, were vulnerable to an attack by malicious users. The +major version were vulnerable to an attack by malicious users. The vulnerability allowed users to obtain access to arbitrary portions of -the CephFS filesystem hierarchy, instead of being properly restricted +the CephFS filesystem hierarchy instead of being properly restricted to their own subvolumes. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This plugin is responsible for -managing Ceph File System subvolumes which are used by OpenStack +managing Ceph File System subvolumes, which are used by OpenStack Manila services as a way to provide shares to Manila users. -Again, this vulnerability only impacts OpenStack Manila clusters which +Again, this vulnerability impacts only OpenStack Manila clusters that provided native CephFS access to their users. Affected versions -- 2.47.3
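Review bot: in the Summary hunk, the rewritten first sentence still uses "users" for two different parties: "Users who were running OpenStack Manila" are the people operating the cluster, while "malicious users" and "allowed users to obtain access" refer to the Manila users who receive shares. In an advisory, the reader needs to tell at a glance who is exposed and who can exploit the bug, so consider naming the roles, for example "Clusters that used OpenStack Manila to export native CephFS and that were upgraded from Nautilus (or earlier) to a later major version were vulnerable to an attack by malicious Manila users." Now that the commas are gone, the subject runs across three lines before reaching "were vulnerable", so restructuring it this way would also make the two required conditions (native CephFS export through Manila, and an upgrade from Nautilus or earlier) easier to pick out.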