What is CVE-2020-1759?

CVE-2020-1759 is a medium-severity vulnerability in The Ceph Project, classified under Reusing a Nonce, Key Pair in Encryption. CVSS score: 6.4/10. Published 2020-04-13.

How severe is CVE-2020-1759?

Medium severity. CVSS v3 base score is 6.4 out of 10.

Vulnerability in The Ceph Project

CVE-2020-1759

A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth ta…

EPSS: 0.004 (61.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.4 (Medium). Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N.

Affected products

The Ceph Project — versions Red Hat Ceph Storage 4, Red Hat Openshift Container Storage 4.2

Weakness classification (CWE)

CWE-323 — Reusing a Nonce, Key Pair in Encryption

References

bugzilla.redhat.com/show_bug.cgi (x_refsource_CONFIRM)
FEDORA-2020-81b9c6cddc (vendor-advisory, x_refsource_FEDORA)
GLSA-202105-39 (vendor-advisory, x_refsource_GENTOO)

Frequently asked questions

What is CVE-2020-1759?: CVE-2020-1759 is a medium-severity vulnerability in The Ceph Project, classified under Reusing a Nonce, Key Pair in Encryption. CVSS score: 6.4/10. Published 2020-04-13.
How severe is CVE-2020-1759?: Medium severity. CVSS v3 base score is 6.4 out of 10.