Ceph Storage Mon Red Hat Ceph Storage Mon

stack.watch can notify you when security vulnerabilities are reported in Red Hat Ceph Storage Mon. You can add multiple products that you use with Ceph Storage Mon to create your own personal software stack watcher.

By the Year

In 2020 there have been 0 vulnerabilities in Red Hat Ceph Storage Mon . Last year Ceph Storage Mon had 0 security vulnerabilities published.

Year Vulnerabilities Average Score
2020 0 0.00
2019 0 0.00
2018 3 7.37

It may take a day or so for new Ceph Storage Mon vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Red Hat Ceph Storage Mon Security Vulnerabilities

A flaw was found in the way ceph mon handles user requests

CVE-2018-10861 8.1 - High - July 10, 2018

A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected.

CVE-2018-10861 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity and availability.

authentification

It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack

CVE-2018-1128 7.5 - High - July 10, 2018

It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.

authentification

A flaw was found in the way signature calculation was handled by cephx authentication protocol

CVE-2018-1129 6.5 - Medium - July 10, 2018

A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.

authentification