Linuxfoundation Ceph
8 CVEs affecting Linuxfoundation Ceph. Latest disclosed: 2022-07-25. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-0670 | Critical | 9.1 | 2022-07-25 | A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vul… |
CVE-2020-10736 | High | 8.0 | 2020-06-22 | An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access… |
CVE-2020-12059 | High | 7.5 | 2020-04-22 | An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception. |
CVE-2020-1699 | High | 7.5 | 2020-04-21 | A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions… |
CVE-2021-20288 | High | 7.2 | 2021-04-15 | An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_ke… |
CVE-2020-1759 | Medium | 6.4 | 2020-04-13 | A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure… |
CVE-2020-1760 | Medium | 5.8 | 2020-04-23 | A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks du… |
CVE-2020-10753 | Medium | 5.4 | 2020-06-26 | A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHead… |