Security Bulletin: IBM Storage Ceph is vulnerable to the Exposure of Sensitive Information to an Unauthorized Actor in the RHEL UBI (CVE-2023-45143)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-45143. Vulnerability Details CVEID:CVE-2023-45143 DESCRIPTION: Node.js undici module could allow a remote authenticated...

Security Bulletin: IBM Storage Ceph is vulnerable to a Heap-based Buffer Overflow in the RHEL UBI (CVE-2023-4911)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-4911 Vulnerability Details CVEID:CVE-2023-4911 DESCRIPTION: glibc could allow a local authenticated attacker to gain elevate...

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Grafana (CVE-2023-1410)

Summary Grafana is used by IBM Storage Ceph as a monitoring dashboard. CVE-2023-1410 This bulletin identifies the steps to take to address the vulnerability in Grafana. Vulnerability Details CVEID:CVE-2023-1410 DESCRIPTION: Grafana is vulnerable to cross-site scripting, caused by improper...

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Authentication in the RHEL UBI (CVE-2023-27538)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2023-27538 This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-27538 DESCRIPTION: cURL libcurl could allow a local attacker to bypass security restrictions,...

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in the RHEL UBI (CVE-2023-27533)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2023-27533 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2023-27533 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security...

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Authentication in the RHEL UBI (CVE-2023-27538)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2023-27538 This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID: CVE-2023-27538 DESCRIPTION: cURL libcurl could allow a local attacker to bypass security restrictions,...

Security Bulletin: IBM Storage Ceph is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in the RHEL UBI (CVE-2023-32681)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2023-32681 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID: CVE-2023-32681 DESCRIPTION: python-requests could allow a remote attacker to obtain...