Lucene search

K
RedhatCeph

6 matches found

CVE
CVE
added 2018/07/10 2:29 p.m.357 views

CVE-2018-1128

It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allo...

7.5CVSS7AI score0.01584EPSS
CVE
CVE
added 2020/12/18 9:15 p.m.247 views

CVE-2020-27781

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface dri...

7.1CVSS6.8AI score0.00043EPSS
CVE
CVE
added 2019/01/28 2:29 p.m.189 views

CVE-2018-16889

Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.

7.5CVSS6.6AI score0.00071EPSS
CVE
CVE
added 2023/01/17 7:15 p.m.108 views

CVE-2022-3650

A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information.

7.8CVSS7.5AI score0.00028EPSS
CVE
CVE
added 2018/08/01 4:29 p.m.107 views

CVE-2016-9579

A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1...

7.5CVSS7.2AI score0.18297EPSS
CVE
CVE
added 2018/03/19 9:29 p.m.69 views

CVE-2018-7262

In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.

7.5CVSS7.3AI score0.00674EPSS