5 matches found
CVE-2018-1128
CVE-2018-1128 describes a replay vulnerability in the Cephx authentication protocol where a packet sniffer on a Ceph cluster network can authenticate to Ceph services due to insufficient verification of clients. The issue affects the msgr2 protocol (used by most Ceph communication) and can compro...
CVE-2018-1129
CVE-2018-1129: A flaw in cephx signature calculation lets an attacker on a ceph cluster network alter payloads to bypass signature checks. Affected Ceph branches include master, mimic, luminous, and jewel. The initial description notes the vulnerability but does not provide a concrete patch versi...
CVE-2018-10861
CVE-2018-10861 describes an authorization issue in Ceph Monitor (ceph-mon) where any authenticated Ceph user with read access can delete, create Ceph storage pools, and corrupt snapshot images. Affected releases include Ceph branches master, mimic, luminous, and jewel. The impact is the ability t...
CVE-2016-9579
The CVE-2016-9579 flaw affects Ceph Object Gateway when CORS is configured to allow origins on a bucket. A remote unauthenticated attacker could trigger a denial-of-service by sending specially crafted cross-origin requests. Affected Ceph branches are 1.3.x and 2.x. Connected sources confirm this...
CVE-2016-5009
The CVE-2016-5009 issue affects Ceph where the handle_command function in mon/Monitor.cc could be triggered by an empty or crafted prefix, allowing a remote authenticated user to cause a denial of service (segmentation fault and monitor crash). The linked advisories (Red Hat RHSA-2016:1384, SUSE/...