Ceph Security Vulnerabilities and Issues — Ceph CVE List

Lucene search

LinuxfoundationCeph

3 matches found

CVE•added 2020/06/26 3:15 p.m.•244 views

CVE-2020-10753

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the C...

6.5CVSS6.5AI score0.00254EPSS

CVE•added 2020/04/23 3:15 p.m.•239 views

CVE-2020-1760

A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.

6.1CVSS5.9AI score0.00262EPSS

CVE•added 2020/04/13 1:15 p.m.•190 views

CVE-2020-1759

A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reu...

6.8CVSS6.5AI score0.00412EPSS