Linux Foundation Ceph
By the Year
In 2021 there have been 0 vulnerabilities in Linux Foundation Ceph. Last year Ceph had 4 security vulnerabilities published. Right now, Ceph is on track to have fewer security vulnerabilities in 2021 than it did last year.
It may take a day or so for new Ceph vulnerabilities to show up. Additionally, vulnerabilities may be tagged under a different product or component name.
Latest Linux Foundation Ceph Security Vulnerabilities
An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2
8 - High
- June 22, 2020
An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks.
A flaw was found in the Ceph Object Gateway, where it supports requests sent by an anonymous user in Amazon S3
6.1 - Medium
- April 23, 2020
A flaw was found in the Ceph Object Gateway, where it supports requests sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.
An issue was discovered in Ceph through 13.2.9
7.5 - High
- April 22, 2020
An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.
NULL Pointer Dereference
A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5
7.5 - High
- April 21, 2020
A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph dashboard.