Every CVE whose affected-product data names Redhat Ceph, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (17)
CVE-2020-25660 — CVSS 8.8 (high): A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients…
CVE-2022-3650 — CVSS 7.8 (high): A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a…
CVE-2024-47866 — CVSS 7.5 (high): Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument…
CVE-2018-1128 — CVSS 7.5 (high): It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker…
CVE-2018-7262 — CVSS 7.5 (high): In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP…
CVE-2020-27781 — CVSS 7.1 (high): User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation…
CVE-2018-16846 — CVSS 6.5 (medium): It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket…
CVE-2016-5009 — CVSS 6.5 (medium): The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault…
CVE-2016-8626 — CVSS 6.5 (medium): A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated…
CVE-2021-3524 — CVSS 6.5 (medium): A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the…
CVE-2017-16818 — CVSS 6.5 (medium): RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and…
CVE-2018-14662 — CVSS 5.7 (medium): It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used…
CVE-2018-16889 — CVSS 5.5 (medium): Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in…
CVE-2020-27839 — CVSS 5.4 (medium): A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the…
CVE-2021-3531 — CVSS 5.3 (medium): A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with…
CVE-2020-25678 — CVSS 4.4 (medium): A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching…
CVE-2015-5245 — CVSS 4.3 (medium): CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject…