AVG-1826

Package: ceph
Status: Fixed
Severity: High
Type: multiple issues
Affected: 15.2.10-1
Fixed: 15.2.12-1
Current: Removed
Ticket: FS#70450
Created: Wed Apr 14 20:06:40 2021

Issue | Severity | Remote | Type | Description
CVE-2021-20288 | High | Yes | Insufficient validation | An authentication flaw was found in ceph before version 15.2.11. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize...
CVE-2021-3531 | Medium | Yes | Denial of service | A security issue was found in the Red Hat Ceph Storage RGW before version 15.2.12. When processing a GET Request for a swift URL that ends with two slashes...
CVE-2021-3524 | Medium | Yes | Url request injection | A security issue was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) before version 15.2.12. The vulnerability is related to the injection...
CVE-2021-3509 | Medium | Yes | Cross-site scripting | A security issue was found in ceph before version 15.2.12. In order to make the JWT token inaccessible through cross-site scripting (XSS), it was moved from...

Date | Advisory | Package | Type
19 May 2021 | ASA-202105-3 | ceph | multiple issues