Ceph Project Security Vulnerabilities

CVE-2016-7031

The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL.

7.5 CVSS

7.3 AI Score

0.006 EPSS

2016-10-03 06:59 PM

CVE-2020-27839

A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser's localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integ...

5.4 CVSS

5.3 AI Score

0.001 EPSS

2021-05-26 10:15 PM

CVE-2021-3509

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS. The g...

6.1 CVSS

5.8 AI Score

0.001 EPSS

2021-05-27 12:15 AM