CVE-2020-10736 is a vulnerability in Linux Foundation Ceph
Published on June 22, 2020

An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks.

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

What is an AuthZ Vulnerability?

The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CVE-2020-10736 has been classified to as an AuthZ vulnerability or weakness.

Products Associated with CVE-2020-10736

Want to know whenever a new CVE is published for Linux Foundation Ceph? stack.watch will email you.

Linux Foundation Ceph

Affected Versions

[UNKNOWN] ceph Version 15.2.0 before 15.2.2 is affected by CVE-2020-10736

Exploit Probability

EPSS

0.07%

Percentile

20.81%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-10736 is a vulnerability in Linux Foundation CephPublished on June 22, 2020

Vulnerability Analysis

Weakness Type

What is an AuthZ Vulnerability?

Products Associated with CVE-2020-10736

Affected Versions

Exploit Probability

CVE-2020-10736 is a vulnerability in Linux Foundation Ceph
Published on June 22, 2020