33 matches found
Astra Linux - уязвимость в ceph
A flaw was discovered in ceph-dashboard. The JSON Web Token JWT used for user authentication is stored by the frontend application in the browser’s localStorage, which is potentially vulnerable to attacks via XSS attacks. The most significant threat of this vulnerability is related to data...
BIT-CEPH-2020-1699
A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph...
EUVD-2020-20337
Malware in sbrugna...
SUSE CVE-2020-27839
A flaw was found in ceph-dashboard. The JSON Web Token JWT used for user authentication is stored by the frontend application in the browser's localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and...
SUSE CVE-2020-1699
A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph...
USN-5128-1 ceph vulnerabilities
Goutham Pacha Ravi, Jahson Babel, and John Garbutt discovered that user credentials in Ceph could be manipulated in certain environments. An attacker could use this to gain unintended access to resources. This issue only affected Ubuntu 18.04 LTS. CVE-2020-27781 It was discovered that Ceph...
RHEL 7 / 8 : Red Hat Ceph Storage 4.2 Security and Bug Fix Update (Important) (RHSA-2021:2445)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2445 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage...
ceph-dashboard: Don't use Browser's LocalStorage for storing JWT but Secure Cookies with proper HTTP Headers
A flaw was found in ceph-dashboard. The JSON Web Token JWT used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and...
ceph-dashboard: Cross-site scripting via token Cookie
A flaw was found in the Red Hat Ceph Storage Dashboard. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS. The greatest threa...
CVE-2020-1716
A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. Any authenticated attacker can abuse this flaw to brute-force Ceph deployments, and gain administrator access to Ceph clusters via the Ceph...
CVE-2020-1716
A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. Any authenticated attacker can abuse this flaw to brute-force Ceph deployments, and gain administrator access to Ceph clusters via the Ceph...
Hardcoded credentials
A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. Any authenticated attacker can abuse this flaw to brute-force Ceph deployments, and gain administrator access to Ceph clusters via the Ceph...
CVE-2020-1716
A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. Any authenticated attacker can abuse this flaw to brute-force Ceph deployments, and gain administrator access to Ceph clusters via the Ceph...
DEBIAN-CVE-2021-3509
A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The...
DEBIAN-CVE-2020-27839
A flaw was found in ceph-dashboard. The JSON Web Token JWT used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and...
CVE-2020-27839
A flaw was found in ceph-dashboard. The JSON Web Token JWT used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and...
CVE-2020-27839
A flaw was found in ceph-dashboard. The JSON Web Token JWT used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and...
UBUNTU-CVE-2020-27839
A flaw was found in ceph-dashboard. The JSON Web Token JWT used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and...
Design/Logic Flaw
A flaw was found in ceph-dashboard. The JSON Web Token JWT used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and...
CVE-2020-27839
A flaw was found in ceph-dashboard. The JSON Web Token JWT used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and...