ceph (SUSE:Enterprise Storage 6) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Enterprise Storage 6 package ceph, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (16)
CVE-2020-25660 — CVSS 8.8 (high): A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients…
CVE-2019-10222 — CVSS 7.5 (high): A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could…
CVE-2019-3821 — CVSS 7.5 (high): A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could…
CVE-2020-1699 — CVSS 7.5 (high): A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has…
CVE-2021-20288 — CVSS 7.2 (high): An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it…
CVE-2020-27781 — CVSS 7.1 (high): User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation…
CVE-2020-1700 — CVSS 6.5 (medium): A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by…
CVE-2021-3524 — CVSS 6.5 (medium): A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the…
CVE-2020-1759 — CVSS 6.4 (medium): A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was…
CVE-2021-3509 — CVSS 6.1 (medium): A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from…
CVE-2020-1760 — CVSS 5.8 (medium): A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to…
CVE-2018-16889 — CVSS 5.5 (medium): Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in…
CVE-2020-27839 — CVSS 5.4 (medium): A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the…
CVE-2020-10753 — CVSS 5.4 (medium): A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers…
CVE-2021-3531 — CVSS 5.3 (medium): A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with…
CVE-2020-25678 — CVSS 4.4 (medium): A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching…