---

CVE-2020-10736 - log back

CVE-2020-10736 edited at 22 Nov 2020 18:33:52

Description

- An authorization bypass vulnerability was found in Ceph versions 15.2.0 to 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks. + An authorization bypass vulnerability was found in Ceph versions 15.2.0 and 15.2.1, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks.

CVE-2020-10736 edited at 22 Nov 2020 18:21:59
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Authentication bypass
Description	+ An authorization bypass vulnerability was found in Ceph versions 15.2.0 to 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks.
References	+ https://docs.ceph.com/en/latest/releases/octopus/#v15-2-2-octopus + https://github.com/ceph/ceph/commit/f2cf2ce1bd9a86462510a7a12afa4e528b615df2

CVE-2020-10736 created at 22 Nov 2020 18:17:21
Severity	+ Unknown
Remote	+ Unknown
Type	+ Unknown
Description
References
Notes