Linux Foundation Ceph

By the Year

In 2021 there have been 0 vulnerabilities in Linux Foundation Ceph. Last year Ceph had 4 security vulnerabilities published. Right now, Ceph is on track to have fewer security vulnerabilities in 2021 than it did last year.

Year Vulnerabilities Average Score
2021 0 0.00
2020 4 7.28
2019 0 0.00
2018 0 0.00

It may take a day or so for new Ceph vulnerabilities to show up. Additionally, vulnerabilities may be tagged under a different product or component name.

Latest Linux Foundation Ceph Security Vulnerabilities

An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2

CVE-2020-10736 8 - High - June 22, 2020

An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks.

AuthZ

A flaw was found in the Ceph Object Gateway, where it supports requests sent by an anonymous user in Amazon S3

CVE-2020-1760 6.1 - Medium - April 23, 2020

A flaw was found in the Ceph Object Gateway, where it supports requests sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.

XSS

An issue was discovered in Ceph through 13.2.9

CVE-2020-12059 7.5 - High - April 22, 2020

An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.

NULL Pointer Dereference

A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5

CVE-2020-1699 7.5 - High - April 21, 2020

A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph dashboard.

Directory traversal
