Redhat

Ceph

16 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2022-3650

Exploit
  • EPSS 0.02%
  • Veröffentlicht 17.01.2023 19:15:11
  • Zuletzt bearbeitet 21.11.2024 07:19:57

A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information.

5.4

CVE-2020-27839

  • EPSS 0.34%
  • Veröffentlicht 26.05.2021 22:15:07
  • Zuletzt bearbeitet 21.11.2024 05:21:54

A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this v...

5.3

CVE-2021-3531

  • EPSS 0.26%
  • Veröffentlicht 18.05.2021 12:15:08
  • Zuletzt bearbeitet 21.11.2024 06:21:46

A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system i...

6.5

CVE-2021-3524

  • EPSS 0.54%
  • Veröffentlicht 17.05.2021 17:15:08
  • Zuletzt bearbeitet 21.11.2024 06:21:45

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the COR...

4.4

CVE-2020-25678

  • EPSS 0.02%
  • Veröffentlicht 08.01.2021 18:15:13
  • Zuletzt bearbeitet 21.11.2024 05:18:26

A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.

7.1

CVE-2020-27781

  • EPSS 0.04%
  • Veröffentlicht 18.12.2020 21:15:12
  • Zuletzt bearbeitet 21.11.2024 05:21:49

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. ...

8.8

CVE-2020-25660

  • EPSS 0.27%
  • Veröffentlicht 23.11.2020 22:15:12
  • Zuletzt bearbeitet 21.11.2024 05:18:23

A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the ...

7.5

CVE-2018-16889

Exploit
  • EPSS 0.07%
  • Veröffentlicht 28.01.2019 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:53:32

Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.

5.7

CVE-2018-14662

  • EPSS 0.1%
  • Veröffentlicht 15.01.2019 21:29:00
  • Zuletzt bearbeitet 21.11.2024 03:49:32

It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.

6.5

CVE-2018-16846

  • EPSS 4.86%
  • Veröffentlicht 15.01.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:53:26

It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.