ceph (SUSE:Linux Enterprise Module for Basesystem 15 SP2) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Basesystem 15 SP2 package ceph, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (8)
CVE-2020-25660 — CVSS 8.8 (high): A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients…
CVE-2021-20288 — CVSS 7.2 (high): An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it…
CVE-2020-27781 — CVSS 7.1 (high): User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation…
CVE-2021-3524 — CVSS 6.5 (medium): A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the…
CVE-2021-3509 — CVSS 6.1 (medium): A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from…
CVE-2020-27839 — CVSS 5.4 (medium): A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the…
CVE-2021-3531 — CVSS 5.3 (medium): A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with…
CVE-2020-25678 — CVSS 4.4 (medium): A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching…