Latest redhat ceph Vulnerabilities

CVE-2022-3650
A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information.
Redhat Ceph=16.2.9
ubuntu/ceph<15.2.17-0ubuntu0.20.04.3
ubuntu/ceph<17.2.5-0ubuntu0.22.04.3
ubuntu/ceph<17.2.5-0ubuntu0.22.10.3
ubuntu/ceph<17.2.6-0ubuntu0.23.04.2
ubuntu/ceph<17.2.6-0ubuntu1
and 2 more
CVE-2021-3531
A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a deni...
redhat/ceph<14.2.21
Redhat Ceph<14.2.21
Redhat Ceph Storage=4.0
Fedoraproject Fedora=32
Fedoraproject Fedora=33
Fedoraproject Fedora=34
CVE-2021-3524
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The ne...
redhat/ceph<2:14.2.22-110.el7c
redhat/ceph<2:16.2.7-98.el8c
redhat/ceph<14.2.21
Redhat Ceph<14.2.21
Redhat Ceph Storage=4.0
Fedoraproject Fedora=32
and 3 more
CVE-2020-27839
A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attacke...
redhat/ceph-dashboard<14.2.17
redhat/ceph-dashboard<15.2.9
Redhat Ceph<14.2.17
Redhat Ceph>=15.2.0<15.2.9
CVE-2020-27781
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to a...
redhat/ceph<2:12.2.12-139.el7c
redhat/ceph-ansible<0:3.2.56-1.el7c
redhat/cephmetrics<0:2.0.10-1.el7c
redhat/grafana<0:5.2.4-3.el7c
redhat/tcmu-runner<0:1.4.0-3.el7c
redhat/ceph<2:14.2.11-95.el7c
and 11 more
CVE-2020-25678
A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible...
redhat/ceph<2:14.2.11-147.el7c
redhat/ceph-ansible<0:4.0.49.2-1.el8c
redhat/gperftools<0:2.6.3-3.el8c
redhat/tcmu-runner<0:1.5.2-2.el7c
Redhat Ceph<16.2.0
Redhat Ceph Storage=4.0
and 1 more
CVE-2020-25660
A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus...
redhat/ceph<2:14.2.8-115.el7c
redhat/ceph<2:14.2.11-95.el7c
redhat/ceph<15.2.6
redhat/ceph<14.2.14
ubuntu/ceph<15.2.7-0ubuntu0.20.04.2
ubuntu/ceph<15.2.7-0ubuntu0.20.10.3
and 8 more
CVE-2018-16889
Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerabl...
Redhat Ceph<=13.2.4
debian/ceph
ubuntu/ceph<10.2.11-0ubuntu0.16.04.2
ubuntu/ceph<12.2.11-0ubuntu0.18.04.1
ubuntu/ceph<13.2.4+dfsg1-0ubuntu0.18.10.2
ubuntu/ceph<13.2.4+dfsg1-0ubuntu2.1
CVE-2018-16846
It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.
redhat/ceph<13.2.4
debian/ceph
ubuntu/ceph<12.2.11-0ubuntu0.18.04.1
ubuntu/ceph<13.2.4
ubuntu/ceph<10.2.11-0ubuntu0.16.04.2
Redhat Ceph<13.2.4
and 9 more
CVE-2018-14662
It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.
redhat/ceph<13.2.4
debian/ceph
ubuntu/ceph<12.2.11-0ubuntu0.18.04.1
ubuntu/ceph<13.2.4
ubuntu/ceph<10.2.11-0ubuntu0.16.04.2
Redhat Ceph<13.2.4
and 9 more
CVE-2016-8626
A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or spe...
Redhat Ceph<0.94.3.9-8
Redhat Enterprise Linux Desktop=7.0
Redhat Enterprise Linux Server=7.0
Redhat Enterprise Linux Workstation=7.0
CVE-2018-1128
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packe...
redhat/ceph<2:10.2.10-28.el7c
redhat/ceph-ansible<0:3.0.39-1.el7c
redhat/ceph<2:12.2.4-30.el7c
redhat/cephmetrics<0:1.0.1-1.el7c
redhat/nfs-ganesha<0:2.5.5-6.el7c
debian/ceph
and 17 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203