17 matches found
CVE-2018-1128
CVE-2018-1128 describes a replay vulnerability in the Cephx authentication protocol where a packet sniffer on a Ceph cluster network can authenticate to Ceph services due to insufficient verification of clients. The issue affects the msgr2 protocol (used by most Ceph communication) and can compro...
CVE-2020-25660
The CVE-2020-25660 issue affects Cephx authentication in Ceph versions before 15.2.6 and before 14.2.14, where client verification can be bypassed, enabling replay attacks over the msgr2 protocol (affecting most Ceph communications; msgr1 is unaffected). An attacker with cluster-network access co...
CVE-2020-27781
CVE-2020-27781 affects Ceph and specifically allows privilege escalation via Native CephFS consumers of OpenStack Manila. An OpenStack Manila user can request access to a share for an arbitrary cephx user; the interface drivers reveal the access key, enabling all users in the requesting project t...
CVE-2020-27839
CVE-2020-27839 affects ceph-dashboard: JWT used for user authentication was stored in the browser’s localStorage, exposing tokens to XSS-based extraction and risking confidentiality/integrity (and potentially availability). Connected advisories describe a remediation approach: moving the JWT to a...
CVE-2021-3524
This CVE-2021-3524 affects Red Hat Ceph Storage RadosGW (Ceph Object Gateway) prior to 14.2.21. The root cause is a CORS ExposeHeader tag handling that allows HTTP header injection via newline characters in the ExposeHeader (and earlier fixes did not address \r as a header separator). Impact is p...
CVE-2021-3531
CVE-2021-3531 affects Red Hat Ceph Storage RGW: in Ceph RGW versions before 14.2.21, processing a GET request for a swift URL that ends with two slashes can crash the rgw, causing a denial of service (availability impact). Connected documents show multiple advisories and vendor patches (e.g., Fed...
CVE-2020-25678
CVE-2020-25678 affects Ceph (versions prior to 16.y.z) where mgr module passwords are stored in clear text. The issue can be observed by grepping mgr logs for grafana/dashboard and is described as an information disclosure vulnerability. Publicly documented in multiple advisories (Ubuntu USN-4998...
CVE-2018-14662
CVE-2018-14662 affects Ceph up to version 13.2.3 (pre-13.2.4). The vulnerability allows authenticated Ceph users with read-only permissions to steal dm-crypt encryption keys used for Ceph disk encryption. This is the underlying flaw reported across multiple advisories and repository releases (not...
CVE-2018-16846
CVE-2018-16846 affects Ceph versions before 13.2.4. Authenticated Ceph RGW users can cause a denial of service against OMAPs holding bucket indices. The issue is triggered by actions performed by RGW users with read/write permissions, as described in the CVE entry and corroborated by multiple adv...
CVE-2018-16889
CVE-2018-16889 concerns Ceph's v4 authentication logging: encryption keys are not sanitized in debug/log output, potentially leaking key material. The vulnerability applies to Ceph versions up to 13.2.4 and is documented across multiple advisories (SUSE/SU-2019:2049-1, SUSE-SU-2019:2364-1, RHSA-2...
CVE-2022-3650
CVE-2022-3650 is a local privilege-escalation flaw in Ceph via the ceph-crash.service, allowing an authenticated local attacker to gain root privileges (via crash dump contents). Affected is Ceph prior to patched versions; the root cause is the ceph-crash script running as root in /var/lib/ceph/c...
CVE-2016-5009
The CVE-2016-5009 issue affects Ceph where the handle_command function in mon/Monitor.cc could be triggered by an empty or crafted prefix, allowing a remote authenticated user to cause a denial of service (segmentation fault and monitor crash). The linked advisories (Red Hat RHSA-2016:1384, SUSE/...
CVE-2015-5245
Ceph Object Gateway (RGW) is affected by a CRLF injection vulnerability caused by improper validation of user-supplied input. This allows a remote attacker to inject arbitrary HTTP headers and conduct HTTP response splitting via a crafted bucket name, affecting Ceph versions before 0.94.4. Remedi...
CVE-2018-7262
CVE-2018-7262 affects Ceph RGW (rgw_civetweb.cc RGWCivetWeb::init_env) where malformed HTTP headers can crash radosgw, enabling denial of service. Affected ranges in the initial entry are Ceph releases before 12.2.3 and 13.x up to 13.0.1. Public disclosures in connected docs corroborate that the ...
CVE-2016-8626
Summary: CVE-2016-8626 affects Red Hat Ceph Storage with vulnerability in the Ceph Object Gateway’s handling of POST object requests, allowing an authenticated attacker to cause a denial-of-service. Affected products/contexts (from provided docs): Red Hat Ceph (pre-0.94.9-8) and Red Hat Ceph Stor...
CVE-2017-16818
CVE-2017-16818 affects Ceph RGW (RADOS Gateway) in Ceph versions 12.1.0–12.2.1. The issue allows remote authenticated users with full (not necessarily admin) privileges to post an invalid profile to the admin API, triggering assertions and an application exit. The root cause is traced to RGW IAM-...
CVE-2024-47866
CVE-2024-47866 affects Ceph RGW: using x-amz-copy-source with an empty string as object content can crash RGW and cause DoS in Ceph versions up to 19.2.3. Public details confirm impact is a denial of service; no patch in initial disclosure. Some connected advisories note fixes or mitigations in d...