Red Hat Ceph
Recent Red Hat Ceph Security Advisories
Advisory | Title | Published |
---|---|---|
RHSA-2024:4118 | (RHSA-2024:4118) Moderate: Red Hat Ceph Storage 5.3 security, bug fix, and enhancement update | June 26, 2024 |
RHSA-2024:4119 | (RHSA-2024:4119) Important: Updated rhceph-5.3 container image and security update | June 26, 2024 |
RHSA-2024:3927 | (RHSA-2024:3927) Moderate: Red Hat Ceph Storage 7.1 container image security, and bug fix update | June 13, 2024 |
RHSA-2024:3925 | (RHSA-2024:3925) Critical: Red Hat Ceph Storage 7.1 security, enhancements, and bug fix update | June 13, 2024 |
RHSA-2024:2633 | (RHSA-2024:2633) Important: updated rhceph-6.1 container image | May 1, 2024 |
RHSA-2024:2631 | (RHSA-2024:2631) Critical: Red Hat Ceph Storage 6.1 security and bug fix update | May 1, 2024 |
RHSA-2024:0746 | (RHSA-2024:0746) Important: new container image: rhceph-5.3 | February 8, 2024 |
RHSA-2024:0745 | (RHSA-2024:0745) Moderate: Red Hat Ceph Storage 5.3 Security update | February 8, 2024 |
RHSA-2023:7741 | (RHSA-2023:7741) Important: Red Hat Ceph Storage 6.1 security, enhancements, and bug fix update | December 12, 2023 |
RHSA-2023:7740 | (RHSA-2023:7740) Moderate: Red Hat Ceph Storage 6.1 security, enhancements, and bug fix update | December 12, 2023 |
By the Year
In 2024 there have been 0 vulnerabilities in Red Hat Ceph . Last year Ceph had 1 security vulnerability published. Right now, Ceph is on track to have less security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 1 | 7.80 |
2022 | 0 | 0.00 |
2021 | 4 | 5.40 |
2020 | 2 | 7.95 |
2019 | 3 | 6.57 |
2018 | 2 | 7.50 |
It may take a day or so for new Ceph vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Ceph Security Vulnerabilities
A privilege escalation flaw was found in Ceph
CVE-2022-3650
7.8 - High
- January 17, 2023
A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information.
A flaw was found in ceph-dashboard
CVE-2020-27839
5.4 - Medium
- May 26, 2021
A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browsers localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
Insufficiently Protected Credentials
A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21
CVE-2021-3531
5.3 - Medium
- May 18, 2021
A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability.
assertion failure
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21
CVE-2021-3524
6.5 - Medium
- May 17, 2021
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \r as a header separator, thus a new flaw has been created.
Injection
A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text
CVE-2020-25678
4.4 - Medium
- January 08, 2021
A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation
CVE-2020-27781
7.1 - High
- December 18, 2020
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. This can be done to even "admin" users, compromising the ceph administrator. This flaw affects Ceph versions prior to 14.2.16, 15.x prior to 15.2.8, and 16.x prior to 16.2.0.
Insufficiently Protected Credentials
A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14
CVE-2020-25660
8.8 - High
- November 23, 2020
A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph service. This issue is a reintroduction of CVE-2018-1128, affecting the msgr2 protocol. The msgr 2 protocol is used for all communication except older clients that do not support the msgr2 protocol. The msgr1 protocol is not affected. The highest threat from this vulnerability is to confidentiality, integrity, and system availability.
Authentication Bypass by Capture-replay
Ceph does not properly sanitize encryption keys in debug logging for v4 auth
CVE-2018-16889
7.5 - High
- January 28, 2019
Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.
Insertion of Sensitive Information into Log File
It was found Ceph versions before 13.2.4
CVE-2018-14662
5.7 - Medium
- January 15, 2019
It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.
AuthZ
It was found in Ceph versions before 13.2.4
CVE-2018-16846
6.5 - Medium
- January 15, 2019
It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.
Allocation of Resources Without Limits or Throttling
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack
CVE-2018-1128
7.5 - High
- July 10, 2018
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
authentification
In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly
CVE-2018-7262
7.5 - High
- March 19, 2018
In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.
NULL Pointer Dereference
The handle_command function in mon/Monitor.cc in Ceph
CVE-2016-5009
6.5 - Medium
- July 12, 2016
The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.
Improper Input Validation
CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4
CVE-2015-5245
- December 03, 2015
CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Ceph or by Red Hat? Click the Watch button to subscribe.