Every CVE whose affected-product data names Linuxfoundation Ceph, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2022-0670 — CVSS 9.1 (critical): A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire…
CVE-2020-10736 — CVSS 8.0 (high): An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not…
CVE-2020-12059 — CVSS 7.5 (high): An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL…
CVE-2020-1699 — CVSS 7.5 (high): A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has…
CVE-2021-20288 — CVSS 7.2 (high): An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it…
CVE-2020-1759 — CVSS 6.4 (medium): A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was…
CVE-2020-1760 — CVSS 5.8 (medium): A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to…
CVE-2020-10753 — CVSS 5.4 (medium): A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers…