Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ceph vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-25660
A flaw was found in the Cephx authentication protocol in versions prior to 15.2.6 and prior to 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to au...
Redhat Ceph
Redhat Ceph Storage 2.0
Redhat Openshift Container Platform 4.0
Redhat Ceph Storage 4.0
Fedoraproject Fedora 33
4.4
CVSSv3
CVE-2020-25678
A flaw was found in ceph in versions before 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.
Redhat Ceph Storage 4.0
Redhat Ceph
Fedoraproject Fedora 33
9.1
CVSSv3
CVE-2022-0670
A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an malicious user to ...
Linuxfoundation Ceph
Redhat Ceph Storage
Fedoraproject Fedora 35
Fedoraproject Fedora 36
5.4
CVSSv3
CVE-2020-27839
A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data ...
Redhat Ceph
8
CVSSv3
CVE-2020-10736
An authorization bypass vulnerability was found in Ceph versions 15.2.0 prior to 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configur...
Linuxfoundation Ceph
7.5
CVSSv3
CVE-2018-16889
Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.
Redhat Ceph
6.5
CVSSv3
CVE-2020-10753
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the ...
Redhat Ceph Storage 3.0
Redhat Ceph Storage 4.0
Redhat Openstack 15
Fedoraproject Fedora 32
Opensuse Leap 15.1
Linuxfoundation Ceph
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
6.8
CVSSv3
CVE-2020-1759
A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability exists in the secure mode of the messenger v2 protocol, which can allow an malicious user to forge auth tags and potentially manipulate the data by l...
Redhat Openshift 4.2
Redhat Ceph Storage 4.0
Redhat Openstack 15
Linuxfoundation Ceph
Fedoraproject Fedora 31
5.3
CVSSv3
CVE-2021-3531
A flaw was found in the Red Hat Ceph Storage RGW in versions prior to 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability.
Redhat Ceph Storage 4.0
Redhat Ceph
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
7.8
CVSSv3
CVE-2022-3650
A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local malicious user to escalate privileges to root in the form of a crash dump, and dump privileged information.
Redhat Ceph 16.2.9
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »