ceph

Description: Distributed, fault-tolerant storage platform delivering object, block, and file system
Version: 15.2.14-2 [community]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1826 | 15.2.10-1 | 15.2.12-1 | High | Fixed | FS#70450 |
| AVG-1422 | 15.2.6-4 | 15.2.8-1 | Medium | Fixed | |
| AVG-1421 | 15.2.8-2 | 15.2.10-1 | Medium | Fixed | FS#70062 |
| AVG-1290 | 15.2.0-1 | 15.2.2-1 | Medium | Not affected | |
| AVG-1195 | 14.2.8-1 | 15.2.6-1 | High | Fixed | FS#67047 |
| AVG-1029 | 14.2.1-3 | 14.2.6-1 | Medium | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-20288 | AVG-1826 | High | Yes | Insufficient validation | An authentication flaw was found in ceph before version 15.2.11. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize... |
| CVE-2021-3531 | AVG-1826 | Medium | Yes | Denial of service | A security issue was found in the Red Hat Ceph Storage RGW before version 15.2.12. When processing a GET Request for a swift URL that ends with two slashes... |
| CVE-2021-3524 | AVG-1826 | Medium | Yes | Url request injection | A security issue was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) before version 15.2.12. The vulnerability is related to the injection... |
| CVE-2021-3509 | AVG-1826 | Medium | Yes | Cross-site scripting | A security issue was found in ceph before version 15.2.12. In order to make the JWT token inaccessible through cross-site scripting (XSS), it was moved from... |
| CVE-2020-27839 | AVG-1421 | Medium | Yes | Cross-site scripting | A security issue was found in ceph in versions prior to 15.2.9. The JWT token used by the ceph dashboard for authorising against the API was stored inside... |
| CVE-2020-27781 | AVG-1422 | Medium | Yes | Privilege escalation | User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An OpenStack... |
| CVE-2020-25678 | AVG-1421 | Medium | No | Information disclosure | A flaw was found in ceph in versions prior to 15.2.9 where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for... |
| CVE-2020-25660 | AVG-1195 | High | Yes | Authentication bypass | A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is... |
| CVE-2020-10753 | AVG-1195 | Medium | Yes | Content spoofing | A flaw was found in the Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader... |
| CVE-2020-10736 | AVG-1290 | Medium | Yes | Authentication bypass | An authorization bypass vulnerability was found in Ceph versions 15.2.0 and 15.2.1, where the ceph-mon and ceph-mgr daemons do not properly restrict access,... |
| CVE-2020-1760 | AVG-1195 | Medium | Yes | Cross-site scripting | A flaw was found in the Ceph Object Gateway, where it supports requests sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks... |
| CVE-2020-1759 | AVG-1195 | Medium | Yes | Private key recovery | A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat OpenShift Container Storage 4.2, where a nonce reuse vulnerability was discovered in the... |
| CVE-2019-10222 | AVG-1029 | Medium | Yes | Denial of service | Improper handling of an exception condition in Ceph allows any single unauthenticated client to crash the RGW component of Ceph by sending a specially crafted... |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 19 May 2021 | ASA-202105-3 | AVG-1826 | High | multiple issues |
| 26 Nov 2020 | ASA-202011-22 | AVG-1195 | High | multiple issues |