Ceph

By the Year

In 2021 there have been 0 vulnerabilities in Ceph. Last year Ceph had 1 security vulnerability published. Right now, Ceph is on track to have fewer security vulnerabilities in 2021 than it did last year.

Year Vulnerabilities Average Score
2021 0 0.00
2020 1 6.50
2019 1 7.50
2018 2 7.30

It may take a day or so for new Ceph vulnerabilities to show up. Additionally, vulnerabilities may be tagged under a different product or component name.

Latest Ceph Security Vulnerabilities

A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects

CVE-2020-1700 6.5 - Medium - February 07, 2020

A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts, resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition through a pile-up of CLOSE_WAIT sockets, eventually exhausting available resources and preventing legitimate users from connecting to the system.

Resource Exhaustion

A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests

CVE-2019-10222 7.5 - High - November 08, 2019

A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients.

Resource Exhaustion

A flaw was found in the way signature calculation was handled by cephx authentication protocol

CVE-2018-1129 6.5 - Medium - July 10, 2018

A flaw was found in the way signature calculation was handled by the cephx authentication protocol. An attacker with access to the Ceph cluster network who is able to alter the message payload was able to bypass the signature checks done by the cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.

Authentication

A flaw was found in the way ceph mon handles user requests

CVE-2018-10861 8.1 - High - July 10, 2018

A flaw was found in the way ceph mon handles user requests. Any authenticated Ceph user with read access to Ceph can delete and create Ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected.

Authentication
