Latest linuxfoundation ceph Vulnerabilities

CVE-2022-0670
A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volume...
ubuntu/ceph<15.2.17-0ubuntu0.20.04.3
ubuntu/ceph<17.2.5-0ubuntu0.22.04.3
ubuntu/ceph<17.2.5-0ubuntu0.22.10.3
ubuntu/ceph<15.2.17<16.2.10<17.2.2
Linuxfoundation Ceph>=15.0.0<15.2.17
Linuxfoundation Ceph>=16.0.0<16.2.10
and 5 more
CVE-2021-20288
An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who c...
redhat/ceph<14.2.20
Linuxfoundation Ceph<14.2.21
Redhat Ceph Storage=4.0
Fedoraproject Fedora=32
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 1 more
CVE-2020-10753
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the Expo...
Redhat Ceph Storage=3.0
Redhat Ceph Storage=4.0
Redhat Openstack=15
Fedoraproject Fedora=32
openSUSE Leap=15.1
Linuxfoundation Ceph<14.2.21
and 15 more
CVE-2020-10736
An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthori...
Linuxfoundation Ceph>=15.2.0<15.2.2
ubuntu/ceph<15.2.7-0ubuntu0.20.04.2
ubuntu/ceph<15.2.3-0ubuntu1
ubuntu/ceph<15.2.2
debian/ceph
CVE-2020-1760
A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of...
ubuntu/ceph<12.2.13-0ubuntu0.18.04.4
ubuntu/ceph<15.2.1
ubuntu/ceph<10.2.11-0ubuntu0.16.04.3
Linuxfoundation Ceph<14.2.21
Redhat Ceph Storage=3.0
Redhat Ceph Storage=4.0
and 6 more
CVE-2020-1699
A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated at...
Linuxfoundation Ceph=14.2.5
Linuxfoundation Ceph=14.2.6
Linuxfoundation Ceph=15.0.0
Redhat Ceph Storage=4.0
CVE-2020-1759
A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which...
Redhat Ceph Storage=4.0
Redhat Openshift=4.2
Redhat Openstack=15
Linuxfoundation Ceph<14.2.21
Fedoraproject Fedora=31
CVE-2020-12059
An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.
redhat/ceph<2:12.2.12-139.el7c
redhat/ceph-ansible<0:3.2.56-1.el7c
redhat/cephmetrics<0:2.0.10-1.el7c
redhat/grafana<0:5.2.4-3.el7c
redhat/tcmu-runner<0:1.4.0-3.el7c
Linuxfoundation Ceph<=13.2.9
and 6 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203