CVE-2021-20288 | AVG-1826 | High | Yes | Insufficient validation | An authentication flaw was found in ceph before version 15.2.11. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize...
CVE-2021-3531 | AVG-1826 | Medium | Yes | Denial of service | A security issue was found in the Red Hat Ceph Storage RGW before version 15.2.12. When processing a GET Request for a swift URL that ends with two slashes...
CVE-2021-3524 | AVG-1826 | Medium | Yes | URL request injection | A security issue was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) before version 15.2.12. The vulnerability is related to the injection...
CVE-2021-3509 | AVG-1826 | Medium | Yes | Cross-site scripting | A security issue was found in ceph before version 15.2.12. In order to make the JWT token inaccessible through cross-site scripting (XSS), it was moved from...
CVE-2020-27839 | AVG-1421 | Medium | Yes | Cross-site scripting | A security issue was found in ceph in versions prior to 15.2.9. The JWT token used by the ceph dashboard for authorising against the API was stored inside...
CVE-2020-27781 | AVG-1422 | Medium | Yes | Privilege escalation | User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack...
CVE-2020-25678 | AVG-1421 | Medium | No | Information disclosure | A flaw was found in ceph in versions prior to 15.2.9 where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for...
CVE-2020-25660 | AVG-1195 | High | Yes | Authentication bypass | A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is...
CVE-2020-10753 | AVG-1195 | Medium | Yes | Content spoofing | A flaw was found in the Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader...
CVE-2020-10736 | AVG-1290 | Medium | Yes | Authentication bypass | An authorization bypass vulnerability was found in Ceph versions 15.2.0 and 15.2.1, where the ceph-mon and ceph-mgr daemons do not properly restrict access,...
CVE-2020-1760 | AVG-1195 | Medium | Yes | Cross-site scripting | A flaw was found in the Ceph Object Gateway, where it supports requests sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks...
CVE-2020-1759 | AVG-1195 | Medium | Yes | Private key recovery | A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat OpenShift Container Storage 4.2, where a nonce reuse vulnerability was discovered in the...
CVE-2019-10222 | AVG-1029 | Medium | Yes | Denial of service | Improper exception condition handling in Ceph allows any single unauthenticated client to crash the RGW component of Ceph by sending a specially crafted...