Ceph Security Vulnerabilities and Issues — Ceph CVE List

Lucene search

LinuxfoundationCeph

3 matches found

CVE•added 2021/04/15 3:15 p.m.•200 views

CVE-2021-20288

An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associ...

7.2CVSS6.8AI score0.00179EPSS

CVE•added 2020/04/21 5:15 p.m.•168 views

CVE-2020-1699

A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph das...

7.5CVSS7.1AI score0.01822EPSS

CVE•added 2020/04/22 1:15 p.m.•125 views

CVE-2020-12059

An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.

7.5CVSS7.3AI score0.00274EPSS