AVG-1826 log
| Package | ceph |
| Status | Fixed |
| Severity | High |
| Type | multiple issues |
| Affected | 15.2.10-1 |
| Fixed | 15.2.12-1 |
| Current | Removed |
| Ticket | FS#70450 |
| Created | Wed Apr 14 20:06:40 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-20288 | High | Yes | Insufficient validation | An authentication flaw was found in ceph before version 15.2.11. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize... |
| CVE-2021-3531 | Medium | Yes | Denial of service | A security issue was found in the Red Hat Ceph Storage RGW before version 15.2.12. When processing a GET Request for a swift URL that ends with two slashes... |
| CVE-2021-3524 | Medium | Yes | Url request injection | A security issue was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) before version 15.2.12. The vulnerability is related to the injection... |
| CVE-2021-3509 | Medium | Yes | Cross-site scripting | A security issue was found in ceph before version 15.2.12. In order to make the JWT token inaccessible through cross-site scripting (XSS), it was moved from... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 19 May 2021 | ASA-202105-3 | ceph | multiple issues |